Quick Reference Guide
6-1
v1.0, January 2010
Chapter 6
Virtual Private Networking Using SSL
The ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G provides a hardware-based
SSL VPN solution designed specifically to give mobile users remote access to their
corporate resources without the need for a pre-installed VPN client on their computers. Using
the familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions,
the VPN firewall can authenticate itself to an SSL-enabled client, such as a standard web browser.
Once authentication and the negotiation of encryption information are completed, the server and
client can establish an encrypted connection. With support for 10 concurrent sessions, users can
easily access the remote network through a customizable, secure user portal from virtually
any available platform.
This chapter contains the following sections:
• “Understanding the Portal Options” on this page
• “Planning for SSL VPN” on page 6-2
• “Creating the Portal Layout” on page 6-3
• “Configuring Domains, Groups, and Users” on page 6-7
• “Configuring Applications for Port Forwarding” on page 6-7
• “Configuring the SSL VPN Client” on page 6-10
• “Using Network Resource Objects to Simplify Policies” on page 6-13
• “Configuring User, Group, and Global Policies” on page 6-15
Understanding the Portal Options
The VPN firewall’s SSL VPN portal can provide two levels of SSL service to the remote user:
• VPN Tunnel
The VPN firewall can provide the full network connectivity of a VPN tunnel using the remote
user’s browser in place of a traditional IPsec VPN client. The SSL capability of the user’s
browser provides authentication and encryption, establishing a secure connection to the VPN
firewall.