Kerio clientless ssl-vpn (windows), Configuration of winroute's ssl-vpn, Configuration of winroute’s ssl-vpn – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 335: Chapter 24, 1 configuration of winroute’s ssl-vpn

Advertising
background image

335

Chapter 24

Kerio Clientless SSL-VPN (Windows)

Kerio Clientless SSL-VPN (thereinafter “SSL-VPN”) is a special interface used for secured remote

access to shared items (files and folders) in the network protected by WinRoute via a web

browser. This interface is available only in WinRoute on Windows.

To a certain extent, the SSL-VPN interface is an alternative to Kerio VPN Client (see chapter

23

).

Its main benefit is that it enables an immediate access to a remote network from any location

without any special application having been installed and any configuration having been per-

formed (that’s the reason for calling it clientless). The main disadvantage of this alternative is

that network connections are not transparent. SSL-VPN is, in a manner, an alternative to the

My Network Places system tool ) — it does not enable access to web servers or other services

in a—remote network.

SSL-VPN is suitable for an immediate access to shared files in remote networks in such envi-

ronments where it is not possible or useful to use Kerio VPN Client.

This chapter addresses configuration details needed for proper functionality of the SSL-VPN

interface. The SSL-VPN interface is described thoroughly in the Kerio WinRoute Firewall —

User’s Guide.

24.1 Configuration of WinRoute’s SSL-VPN

SSL-VPN interface requirements

For proper functionality of the SSL-VPN interface, the following conditions must be met:

1.

The WinRoute host must be a member of the corresponding domain (Windows NT or Active

Directory domain).

2.

User accounts that will be used for connections to SSL-VPN must be authenticated at the

domain (it is not possible to use local authentication). This implies that the SSL-VPN

interface cannot be used for accessing shared items in multiple domains or to items at

hosts which are not members of any domain.

3.

Users who are supposed to be allowed to access the SSL-VPN interface needs the right to

use Clientless SSL-VPN in WinRoute (see chapter

15.2

).

4.

If WinRoute is installed on the domain server, the corresponding users need to be allowed

to log on to the server locally. Local logon can be allowed under Domain Controller Security

Policy. For details, refer to

our Knowledge Base

.

Advertising
Popular Brands
Popular manuals