SonicWALL SSL VPN Configuration & Overview





SSL VPN Overview

SSL VPN (Secure Sockets Layer Virtual Private Network) allows users to remotely access restricted network resources via a secure and authenticated pathway by encrypting all network traffic and giving the appearance that the user is on the local network, regardless of geographic location. This protocol achieves a higher level of compatibility with client platforms and configurations for remote networks and firewalls, providing a more reliable connection. While Northwestern University Information Technology (NUIT) continues to offer its traditional VPN to the University community at large, SSL VPN is the next generation of VPN service.


Who Can Use SSL VPN
  SSL VPN allows access to administrative systems, critical infrastructure, and sensitive information maintained by system administrators. SSL VPN access can be granted to University system administrators as well as vendors and other external collaborators, provided that the user has a valid NetID and password and is in an LDAP (Lightweight Directory Access Protocol) group with SSL VPN access.

Options

There are two SSL VPN options (Note: Enabled features will be determined by user need and the nature of applications and resources that need to be accessed):


  • Web Proxy — Users access all available resources through a web-based interface. Resources appear as bookmarks on the SSL VPN start page and secure access is granted as though the user is using an internal IP address. Through this interface, users can access web-based applications, use file sharing, remote desktop/Citrix (Windows only), and Telnet/SSH. Any computer with a web browser should allow you to access SSL VPN Web Proxy, and because you are working in a web interface, University resources are protected from any malware that may be on the computer, adding extra security.
  • Network Connect — Users download a local VPN client that uses the SSL protocol and do not need to work through the web interface, providing additional connectivity if necessary. The Network Connect client is assigned a unique IP address from a role-specific pool of addresses, rather than the IP address that is used by Web Proxy connections. Network Connect enables split tunneling, which restricts traffic on the Northwestern network to Northwestern data and ensures all other data bypasses University systems. The SSL VPN client will be automatically updated whenever an updated version is detected.
Note: SSL VPN is intended to access resources that are restricted and not as a general access solution for resources accessible to the entire Internet.

Advanced Features

Additional advanced features are available based on user need.

  • Endpoint Security Compliance — Checks a connecting computer to make sure it complies with a set of particular rules before allowing a user to log in to SSL VPN. Rules can include making sure that anti-virus definitions are current, checking for particular Windows configurations, scanning for a particular text file located in a specific location, or other system requirements.
  • Source IP/Date/Time Restrictions — Restricts access based on location, such as no access allowed from foreign countries, or date/time, such as no access between midnight and 6 a.m. while back-ups are being made.
  • Cache Cleaning — (Windows only) Deletes all temporary files upon logging out of SSL VPN.
  • Virtual Sandbox User Environment — (Windows only) Configures the user's desktop automatically, preventing unauthorized access to files and applications while connected to SSL VPN; deletes temporary files and restores desktop functionality upon logging out of SSL VPN.
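
The LDAP group requirement and the Source IP/Date/Time restrictions described above can be read as one login decision. The sketch below is an added example, not SonicWALL or NUIT configuration; the group name, address ranges, UTC-6 offset and the pre-resolved country code are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    required_group: str           # LDAP group that grants SSL VPN access (hypothetical name)
    allowed_countries: frozenset  # country codes accepted as a login source
    denied_networks: tuple        # source ranges refused outright
    blackout: tuple               # (start, end) local times with no access
    local_tz: timezone            # time zone the blackout window is defined in

def in_window(t, start, end):
    """True if t is in [start, end); also handles windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def evaluate(policy, groups, source_ip, country, when_utc):
    """Return every reason to deny the login; an empty list means allow.

    when_utc must be timezone-aware, otherwise astimezone() silently
    assumes the machine's local zone and the window check drifts.
    """
    reasons = []
    if policy.required_group not in groups:
        reasons.append("not in SSL VPN LDAP group")
    addr = ip_address(source_ip)
    if any(addr in ip_network(net) for net in policy.denied_networks):
        reasons.append("source network denied")
    if country not in policy.allowed_countries:
        reasons.append("source country not allowed")
    local = when_utc.astimezone(policy.local_tz).time()
    if in_window(local, *policy.blackout):
        reasons.append("inside blackout window")
    return reasons

# Constructed sample policy: domestic logins only, no access from
# midnight to 6 a.m. local time (the back-up window used as the example above).
POLICY = Policy(
    required_group="sslvpn-users",
    allowed_countries=frozenset({"US"}),
    denied_networks=("203.0.113.0/24",),   # documentation range, constructed
    blackout=(time(0, 0), time(6, 0)),
    local_tz=timezone(timedelta(hours=-6)),
)
```

Collecting all deny reasons instead of stopping at the first one gives the audit log a complete picture of why a login was refused.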
Published By

S.G.Godwin Dinesh.MCA
Sr.System Administrator
