HP VPN Firewall Appliances VPN Configuration Guide
• Granular access control of network resources. On the SSL VPN gateway, you can configure multiple
resources and users, add resources to resource groups, add users to user groups, and assign
resource groups to user groups. After a user logs in, the SSL VPN gateway finds the user groups to
which the user belongs, and checks the resource groups assigned to the user groups to determine
which resources to provide for the user.
Configuring SSL VPN at the CLI
Configuration procedure
Complete the following tasks to configure SSL VPN:
• Specify the SSL server policy to be used by the SSL VPN service. To access the SSL VPN gateway or
the internal resources, remote users need to log in to the Web interface of the SSL VPN gateway
through HTTPS. Therefore, you must specify an SSL server policy on the SSL VPN gateway so that the
gateway can determine the SSL parameters to be used for providing the SSL VPN service.
• Specify the TCP port number to be used by the SSL VPN service. The SSL VPN gateway acts as the
HTTPS server to provide the Web interface for remote users to log in.
• Enable the SSL VPN service. Remote users can access the Web interface of the SSL VPN gateway
only after the SSL VPN service is enabled on the gateway.
Follow these guidelines when you configure SSL VPN:
• If the HTTPS service and the SSL VPN service use the same port number, the two services must use
the same SSL server policy. Otherwise, you cannot enable both services.
• When both the HTTPS service and the SSL VPN service are enabled and they use the same port
number, to modify the SSL server policy that the services use, you must first disable the two services,
modify the SSL server policy, and then enable the services again.
• When the SSL VPN service is enabled, your change to the port number or SSL server policy for the
service does not take effect. To make your change take effect, disable the SSL VPN service and then
enable it again.
Before you configure SSL VPN, create an SSL server policy. For information about SSL server policy
configuration, see System Management and Maintenance Configuration Guide.
To configure SSL VPN:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify the SSL server policy and port to be used by the SSL VPN service. | ssl-vpn server-policy server-policy-name [ port port-number ] | By default, no SSL server policy is specified for the SSL VPN service and the SSL VPN service uses TCP port 443. |
| 3. Enable the SSL VPN service. | ssl-vpn enable | Disabled by default. |
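The following Python sketch is an added example, not part of the guide. It audits saved configuration text against two points above: the SSL VPN service needs an SSL server policy, and HTTPS and SSL VPN on the same port must use the same policy. The `ip https` command forms, the HTTPS default port of 443, and the policy names are assumptions not taken from this page.

```python
import re

DEFAULT_PORT = 443  # SSL VPN default per the guide; assumed to be the HTTPS default too

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
ip https ssl-server-policy web-policy
ip https enable
ssl-vpn server-policy vpn-policy
ssl-vpn enable
"""

# (policy pattern, port pattern, enable command). The "ip https" forms are assumed.
PATTERNS = {
    "ssl-vpn": (r"ssl-vpn server-policy (\S+)(?: port (\d+))?", None, "ssl-vpn enable"),
    "https": (r"ip https ssl-server-policy (\S+)", r"ip https port (\d+)", "ip https enable"),
}

def parse_services(config):
    """Return {service: {"policy", "port", "enabled"}} from configuration text."""
    services = {}
    lines = [line.strip() for line in config.splitlines()]
    for name, (policy_re, port_re, enable_cmd) in PATTERNS.items():
        svc = {"policy": None, "port": DEFAULT_PORT, "enabled": enable_cmd in lines}
        for line in lines:
            m = re.fullmatch(policy_re, line)
            if m:
                svc["policy"] = m.group(1)
                if m.lastindex == 2:  # optional "port N" suffix was present
                    svc["port"] = int(m.group(2))
            m = re.fullmatch(port_re, line) if port_re else None
            if m:
                svc["port"] = int(m.group(1))
        services[name] = svc
    return services

def audit(config):
    """Return a list of findings for the guide's SSL VPN guidelines."""
    svc = parse_services(config)
    vpn, web = svc["ssl-vpn"], svc["https"]
    findings = []
    if vpn["enabled"] and vpn["policy"] is None:
        findings.append("ssl-vpn enabled but no SSL server policy specified")
    if (vpn["enabled"] and web["enabled"] and vpn["port"] == web["port"]
            and vpn["policy"] != web["policy"]):
        findings.append(f"HTTPS and SSL VPN share port {vpn['port']} with different SSL server policies")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```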