Citrix Systems 9000 Series User Manual

SSL VPN Overview

SSL VPN User’s Guide

The agent is installed on your computer when you log on for the first time. You can configure it to log on directly to the gateway, without having to log on via the Web portal. This is known as the native login mode. Alternatively, you can log on to the gateway via the SSL VPN login page.

The SSL VPN browser plug-in is an ActiveX control. While the feature set supported by the plug-in is identical to that supported by the agent, it does not support native login.

When either version of the SSL VPN client is downloaded onto your computer and permitted to execute, it creates a secure channel of communication between the local system and the SSL VPN gateway, and allows you to access resources on the intranet that you are authorized to use. When a TCP or a UDP application, like Telnet or Microsoft Outlook, tries to connect to a server in the intranet, the client intercepts the connection, secures it using SSL encryption, and redirects it to the server through the secure SSL VPN tunnel. This behavior extends to several applications such as FTP clients, Web browsers, soft phones, e-mail clients, etc. You can also use ping and traceroute. This behavior may vary based on the Split Tunneling configuration. For details, refer to the Configuring Split Tunneling section.

Note: By default, the TDI interception mechanism is used. When it fails, the client uses the Winsock interception mechanism. This also applies to scenarios where you do not have administrative privileges on the computer. As a result, TCP compression, UDP interception, NetBIOS interception, HTTP delta, etc., will not be supported.

The SSL VPN client supports the SSL 2.0, SSL 3.0, and TLS 1.0 protocols. Based on the cipher settings on the SSL VPN gateway, the client can perform up to 2048-bit encryption. In addition, the SSL VPN administrator can configure the client to ensure that certain personal firewalls and antivirus applications are running on your computer. You can configure the client to delete cached Internet files, generated on your computer during the SSL VPN session, after the session ends.
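
Because the protocol version actually used depends on the gateway's settings, it can be read from the ServerHello in a captured handshake. The following Python sketch is an added example, not part of the Citrix guide: it parses that field and flags the three versions listed above. The sample handshakes and gateway labels are constructed, and the parser does not read the TLS 1.3 `supported_versions` extension.

```python
import struct

# Wire values of the ServerHello version field. 0x0303 is also what TLS 1.3
# sends here (its real version is in an extension this parser does not read).
VERSIONS = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2+"}
# The three versions the guide lists; all are retired (RFC 6176, 7568, 8996).
LEGACY = {"SSL 2.0", "SSL 3.0", "TLS 1.0"}

def server_hello_version(data: bytes) -> str:
    """Return the protocol version a gateway selected in its ServerHello."""
    if len(data) >= 7 and data[0] & 0x80 and data[2] == 4:
        # SSL 2.0: 2-byte length header (high bit set), SERVER-HELLO type 4,
        # session-id-hit, certificate-type, then the 2-byte version.
        (ver,) = struct.unpack_from(">H", data, 5)
    elif len(data) >= 11 and data[0] == 22 and data[5] == 2:
        # SSL 3.0/TLS: 5-byte record header (type 22 = handshake), 4-byte
        # handshake header (type 2 = ServerHello), then the 2-byte version.
        (ver,) = struct.unpack_from(">H", data, 9)
    else:
        raise ValueError("not a ServerHello")
    return VERSIONS.get(ver, f"unknown (0x{ver:04x})")

def tls_hello(ver: int) -> bytes:
    """Build a minimal SSL 3.0/TLS ServerHello (constructed sample data)."""
    body = struct.pack(">H", ver) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", ver, len(hs)) + hs

def ssl2_hello() -> bytes:
    """Build a minimal SSL 2.0 SERVER-HELLO (constructed sample data)."""
    msg = b"\x04\x00\x01" + struct.pack(">HHHH", 0x0002, 0, 0, 16) + bytes(16)
    return struct.pack(">H", 0x8000 | len(msg)) + msg

def audit(captures: dict) -> dict:
    """Map each gateway label to (negotiated version, is it legacy?)."""
    report = {}
    for name, raw in captures.items():
        version = server_hello_version(raw)
        report[name] = (version, version in LEGACY)
    return report

# Constructed captures; the gateway labels are hypothetical.
SAMPLES = {"gw-old": ssl2_hello(), "gw-mid": tls_hello(0x0301),
           "gw-new": tls_hello(0x0303)}

if __name__ == "__main__":
    for name, (version, legacy) in audit(SAMPLES).items():
        print(f"{name}: {version}{'  <-- legacy' if legacy else ''}")
```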
