R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

Configuring SSL VPN
To implement SSL VPN, you must perform some configuration in the web interface and some
configuration at the CLI.
Feature and hardware compatibility
Feature              F1000-A-EI/S-EI  F1000-E  F5000  Firewall module
Configuring SSL VPN  Yes              Yes      No     No
SSL VPN overview
SSL VPN is a VPN technology based on Secure Sockets Layer (SSL). It works between the transport layer
and the application layer. Using the certificate-based identity authentication, data encryption, and
integrity verification mechanisms that SSL provides, SSL VPN can establish secure connections for
communications at the application layer.
SSL VPN has been widely used for secure, remote web-based access. For example, it can allow remote
users to access the corporate network securely. Figure 214 shows a typical SSL VPN network. On the SSL
VPN gateway, you can create resources to represent the resources on the servers in the internal network.
To access an internal server, a remote user first establishes a Hypertext Transfer Protocol Secure
(HTTPS) connection with the SSL VPN gateway and selects the resources to be accessed. Then, the SSL
VPN gateway forwards the resource access request to the internal server. In a network where SSL VPN is
deployed, the SSL VPN gateway establishes an SSL connection to a remote user and authenticates
the user before allowing the user to access an internal server, which protects the internal servers.
Figure 214 Network diagram for SSL VPN configuration
How SSL VPN works
SSL VPN works as follows: