Specifications
Page 7/7 HTTP Proxy — Internal
The proxy should only be used by clients from the internal network. For this
reason, access is restricted to this network:
IP Filter activated
Access allowed for: 192.168.10.0/24
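
One way to confirm that the IP filter above holds in practice is to audit the proxy's access log for requests that were served to clients outside 192.168.10.0/24. The following Python is an added example, not part of the original manual; the log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Allowed client network, taken from the specification above.
ALLOWED_NET = ipaddress.ip_network("192.168.10.0/24")

# Constructed sample log lines in a hypothetical format:
# "<epoch> <client-ip> <http-status> <method> <url>"
SAMPLE_LOG = """\
1021370001 192.168.10.23 200 GET http://example.com/
1021370002 192.168.11.7 200 GET http://example.com/
1021370003 10.0.0.5 403 GET http://example.com/
1021370004 ::ffff:192.168.10.40 200 GET http://example.org/
1021370005 not-an-ip 200 GET http://example.org/
"""

def client_allowed(raw_ip):
    """Return True/False for a parseable address, None if it cannot be parsed."""
    try:
        addr = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address,
    # so dual-stack listeners do not produce false alarms.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.version == 4 and addr in ALLOWED_NET

def audit(log_text):
    """Return (violations, malformed): requests served (status < 400) to
    clients outside the allowed network, and line numbers that do not parse."""
    violations, malformed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5 or not fields[2].isdigit():
            malformed.append(lineno)
            continue
        allowed = client_allowed(fields[1])
        if allowed is None:
            malformed.append(lineno)      # unparseable client address
        elif not allowed and int(fields[2]) < 400:
            violations.append((lineno, fields[1]))  # filter did not block
    return violations, malformed

if __name__ == "__main__":
    violations, malformed = audit(SAMPLE_LOG)
    for lineno, ip in violations:
        print(f"line {lineno}: request served to out-of-network client {ip}")
    print(f"unparseable lines: {malformed}")
```

A denied request from an outside address (status 403 in the sample) is not reported, since it shows the filter working; only served requests count as violations.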
IPsec VPN Tunnel
Use the VPN connection module to set up VPN networks. These virtual
private networks can be regarded as a tunnel between two hosts that runs
through the Internet. This tunnel knows nothing about the information
transmitted in it.
The VPN networks are implemented on the SuSE Firewall on CD with IPsec.
IPsec is a protocol family enabling secure connections to be established
between computers. Authentication is by means of certificates. An additional
possibility for authentication is shared keys.
Data sent through this tunnel is automatically encrypted. The certificates
required for authentication are generated or imported with the certificate
management of FAS, explained in Certificate Management on page 105.
Selecting the Local Certificate
In the first dialog of the module, shown in Figure 3.40 on the facing page,
select an X.509 certificate for authentication. This certificate is used on the
firewall host for which this configuration will be used. To create certificates, see
Certificate Management on page 105.
If you do not want to use strong authentication, you do not have to use a
certificate. See Figure 3.41 on page 86.
Note
“Strong authentication” means authentication with a key and a pass
phrase.
VPN Connections
In the second dialog, set up individual VPN connections. All VPNs
configured until now are displayed in a table.
Select ‘Add’ to set up a new VPN connection. In the dialog that appears, see
the tabs ‘General Settings’, ‘VPN Connection’, ‘Authentication’, ‘IP Filter’,
‘Masquerading’, and ‘Destination NAT’.