Kerio Tech Firewall6 User Manual

Chapter 24

Kerio Clientless SSL-VPN

Click Advanced to open a dialog where the port and the SSL certificate for SSL-VPN can be set.

Figure 24.2 Setting of TCP port and SSL certificate for SSL-VPN

SSL-VPN’s default port is port 443 (standard port of the HTTPS service).

Click Change SSL Certificate to create a new certificate for the SSL-VPN service or to import a certificate issued by a trustworthy certification authority. When created, the certificate is saved as sslvpn.crt and the corresponding private key as sslvpn.key. The process of creating/importing a certificate is identical to the one for WinRoute’s interface or the VPN server, addressed in detail in chapter 11.1.

Hint

Certificates for a particular server name issued by a trustworthy certification authority can also be used for the Web interface and the VPN server; it is not necessary to use three different certificates.

Allowing access from the Internet

Access to the SSL-VPN interface from the Internet must be allowed by defining a traffic rule allowing connection to the firewall’s HTTPS service. For details, see chapter 7.4.

Figure 24.3 Traffic rule allowing connection to the SSL-VPN interface

Note: If the port for SSL-VPN interface is changed, it is also necessary to modify the Service item in this rule!
