F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
# Retrieve the CA certificate.
[Firewall] pki retrieval-certificate ca domain sslvpn
# Apply for a certificate for the firewall.
[Firewall] pki request-certificate domain sslvpn
2. Configure an SSL server policy for the SSL VPN service:
# Configure an SSL server policy named myssl, and specify the policy to use PKI domain sslvpn.
[Firewall] ssl server-policy myssl
[Firewall-ssl-server-policy-myssl] pki-domain sslvpn
[Firewall-ssl-server-policy-myssl] quit
3. Configure SSL VPN:
# Specify the SSL server policy myssl and port 443 (default) for the SSL VPN service.
[Firewall] ssl-vpn server-policy myssl
# Enable the SSL VPN service.
[Firewall] ssl-vpn enable
4. Verify the configuration.
On the user host, launch the IE browser and enter https://10.1.1.1/svpn in the address bar. The
Web login interface of the SSL VPN gateway opens.
For more information about PKI configuration commands, SSL configuration commands, and the
public-key local create rsa command, see Network Management Command Reference.
NOTE:
You can also use the factory default certificate.
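The commands above form a chain: the SSL VPN service names an SSL server policy, the policy names a PKI domain, and that domain needs both a CA certificate and a local certificate. The following Python check is an added example, not part of the HP guide; it audits a pasted session transcript for a broken link in that chain. The transcript is constructed, and the function name audit and the finding texts are assumptions of this example.

```python
import re
# Constructed transcript, in the prompt/command form this page uses.
SAMPLE = """\
[Firewall] pki retrieval-certificate ca domain sslvpn
[Firewall] pki request-certificate domain sslvpn
[Firewall] ssl server-policy myssl
[Firewall-ssl-server-policy-myssl] pki-domain sslvpn
[Firewall-ssl-server-policy-myssl] quit
[Firewall] ssl-vpn server-policy myssl
[Firewall] ssl-vpn enable
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")
POLICY_VIEW = re.compile(r"-ssl-server-policy-(?P<name>.+)$")

def audit(transcript):
    """Return findings; an empty list means the certificate chain is wired up."""
    ca, local, policies, bound, enabled = set(), set(), {}, None, False
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                      # "# ..." comment lines and blanks
        w, view = m["cmd"].split(), POLICY_VIEW.search(m["view"])
        if view and len(w) == 2 and w[0] == "pki-domain":
            policies[view["name"]] = w[1]         # policy -> PKI domain
        elif len(w) == 5 and w[:4] == ["pki", "retrieval-certificate", "ca", "domain"]:
            ca.add(w[4])
        elif len(w) == 4 and w[:3] == ["pki", "request-certificate", "domain"]:
            local.add(w[3])
        elif len(w) == 3 and w[:2] == ["ssl", "server-policy"]:
            policies.setdefault(w[2], None)       # policy defined, no domain yet
        elif len(w) >= 3 and w[:2] == ["ssl-vpn", "server-policy"]:
            bound = w[2]                          # an optional port may follow
        elif w == ["ssl-vpn", "enable"]:
            enabled = True
    findings = []
    if not enabled:
        findings.append("ssl-vpn service is not enabled")
    if bound is None:
        findings.append("no SSL server policy specified for ssl-vpn")
    elif bound not in policies:
        findings.append(f"ssl-vpn references undefined policy {bound}")
    elif policies[bound] is None:
        findings.append(f"policy {bound} has no pki-domain")
    else:
        for store, what in ((ca, "CA certificate retrieved"), (local, "local certificate requested")):
            if policies[bound] not in store:
                findings.append(f"no {what} for domain {policies[bound]}")
    return findings
```

Calling audit(SAMPLE) returns an empty list; removing or misnaming any link in the chain returns one finding per broken link.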
Configuring SSL VPN in the Web interface
In an SSL VPN, a user can establish up to 20 connections to access the resources in the VPN, including
IP network resources, TCP application resources, Web application resources, and the SSL VPN gateway
itself. However, a user can establish at most 10 connections to TCP application resources.
Configuring SSL VPN gateway
The following matrix shows the feature and hardware compatibility:
Hardware                 Feature compatible
F1000-A-EI/F1000-S-EI    Yes
F1000-E                  Yes
F5000                    No
Firewall module          No
U200-A                   Yes
U200-S                   Yes