Granular access control of network resources, CLI configuration required to implement SSL VPN, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual


Granular access control of network resources

On the SSL VPN gateway, you can configure multiple resources and users, add resources to resource groups, add users to user groups, and assign resource groups to user groups. After a user logs in, the SSL VPN gateway finds the user groups to which the user belongs, and checks the resource groups assigned to the user groups to determine which resources to provide for the user.
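
The lookup described above, modeled as an added example (not H3C code and not taken from the manual). All group, user, and resource names are constructed, and treating grants from several user groups as a union is an assumption; the reverse view and the unassigned-group check are the parts useful in an access review.

```python
# Added example: user -> user group -> resource group -> resource lookup.
# Data is constructed; union across groups is an assumption, not H3C behaviour.
from collections import defaultdict

USER_GROUPS = {            # user group -> member users
    "staff": {"alice", "bob"},
    "admins": {"alice"},
    "contractors": {"carol"},
}
RESOURCE_GROUPS = {        # resource group -> resources
    "intranet": {"wiki", "mail"},
    "ops": {"ssh-jump", "wiki"},
    "unused": {"hr-db"},
}
ASSIGNMENTS = {            # user group -> assigned resource groups
    "staff": {"intranet"},
    "admins": {"ops"},
    "contractors": set(),
}


def resources_for(user):
    """Return {resource: set of (user_group, resource_group) paths granting it}."""
    grants = defaultdict(set)
    for ugroup, members in USER_GROUPS.items():
        if user not in members:
            continue
        for rgroup in ASSIGNMENTS.get(ugroup, ()):
            for res in RESOURCE_GROUPS.get(rgroup, ()):
                grants[res].add((ugroup, rgroup))
    return dict(grants)


def users_reaching(resource):
    """Reverse view for access reviews: every user who can reach a resource."""
    users = set().union(*USER_GROUPS.values())
    return {u for u in users if resource in resources_for(u)}


def unassigned_resource_groups():
    """Resource groups that no user group references (dead configuration)."""
    used = set().union(*ASSIGNMENTS.values())
    return set(RESOURCE_GROUPS) - used


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(resources_for(user)))
    print(sorted(users_reaching("ssh-jump")), sorted(unassigned_resource_groups()))
```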

CLI configuration required to implement SSL VPN

To configure SSL VPN, you must perform the following operations at the CLI:

Specify the SSL server policy to be used by the SSL VPN service. To access the SSL VPN gateway or the internal resources, remote users need to log in to the Web interface of the SSL VPN gateway through HTTPS. Therefore, you must specify an SSL server policy on the SSL VPN gateway so that the gateway can determine the SSL parameters to be used for providing the SSL VPN service.

Specify the TCP port number to be used by the SSL VPN service. The SSL VPN gateway acts as the HTTPS server to provide the Web interface for remote users to log in.

Enable the SSL VPN service. Remote users can access the Web interface of the SSL VPN gateway only after the SSL VPN service is enabled on the gateway.

This section describes the configuration that you must perform at the CLI. For the SSL VPN to function normally, you must also perform the configuration in the Web interface, such as configuring access resources, users, and domains. For more information about the Web configuration, see "Web configuration required to implement SSL VPN."

Configuration prerequisites

Before you configure SSL VPN, create an SSL server policy. For information about SSL server policy configuration, see Network Management Configuration Guide.

Configuration procedure

To configure SSL VPN:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Specify the SSL server policy and port to be used by the SSL VPN service.
  Command: ssl-vpn server-policy server-policy-name [ port port-number ]
  Remarks: By default, no SSL server policy is specified for the SSL VPN service. If you do not specify a port for the SSL VPN service, TCP port 443 is used by default.

Step 3. Enable the SSL VPN service.
  Command: ssl-vpn enable
  Remarks: Disabled by default.
