Using the FDO Remote Access Portal

Introduction

The ODS NITOAD Branch has implemented a Juniper Networks secure sockets layer (SSL) virtual private network (VPN) solution at the national gateways to provide a means of secure remote access by FDO users. The Juniper device provides an SSL portal which can be used to securely access DWAN resources from anywhere on the Internet using the most popular browsers and without the need to pre-load a client software program. The device also provides a traditionally installed SSL VPN client called Network Connect for network remote access.

Requirements

- VPN access privileges (contact your CSA to request VPN access privileges)
- Computer running Windows XP/Vista/7, 32 or 64 bit versions (The SSL VPN works with MacOS and Linux, however no national support for Mac or Linux users is available)
- Java Virtual Machine installed on the computer
- A web browser (IE and Firefox have been tested)
- Administrative user privilege (* Required for the Network Connect feature only)

Note: Other operating systems and browsers, as well as PDAs, may work but have not been tested and cannot be supported at the national level due to the many combinations available for use.

Timeout Settings

Timeout values are set for the SSL VPN for security purposes. If no traffic passes over the SSL VPN connection for 30 minutes, the SSL VPN session will automatically end (idle timeout). In addition, the maximum amount of time allowed for any single SSL VPN session is 10 hours (max session length). You will receive a warning 5 minutes prior to being automatically logged out by the system. The warning pop up window may be masked by other application windows you are running.

Connecting to the FDO Remote Access Portal

Note: The following instructions were written for the Internet Explorer browser. Steps 1 and 2 need only be performed once. Subsequent connections can begin with step 3.
If steps 1 and 2 were completed for the Cisco SSL VPN client, then there is no need to repeat them.

1. Add the site https://*.fd.org as a trusted site in Internet Explorer:

  - Go to Tools > Internet Options > Trusted Sites. The Internet Options window opens.
  - Click the Security tab.
  - Click the Trusted Sites icon.
  - Click the Sites button. The Trusted Sites window opens.
  - Enter the host name https://*.fd.org.
  - Click the Add button.
  - Click the OK button. The Trusted Sites window closes.
  - Click the OK button in the Internet Options window.

2. Add the FDO root CA certificate to the Windows certificate store:

  - Open your browser and go to http://fdoca.fd.org. This URL is accessible whether you are connected internally or external to the DWAN.
  - Click on the following link: "Click this link to install the Federal Defender Organizations Root Certificate."
  - The File Download: Security Warning window will open. Click the Open button on this window.
  - The Certificate window will open. Click the Install Certificate button on this window.
  - The Certificate Import Wizard will open. Click Next on the Welcome to the Certificate Import Wizard screen.
  - The Certificate Import Wizard will open. Click the option to Place all certificates in the following store.
  - Click the Browse button to select the certificate store.
  - Select the Trusted Root Certification Authorities.
  - Click the OK button on the Select Certificate Store window.
  - Click the Next button on the Certificate Import Wizard.
  - Click Finish on the Completing the Certificate Import Window.
  - A Security Warning window will pop up asking if you want to install the certificate. Click Yes on the Security Warning window.
  - You should receive a message that the certificate was successfully installed.
  - Click OK to close the Certificate window.
  - Close the browser session for http://fdoca.fd.org.

3. Connect to the FDO Juniper SSL VPN to establish the SSL VPN session.

Note: VPN connections must be made from a computer that is connected to the Internet external to the DWAN (such as a home, hotel, or other public Internet connection).

  - Open your web browser and go to one of the following addresses:
    https://vpneast.fd.org
    https://vpnwest.fd.org
    Note: If you use http:// you will be redirected to the secure https:// address.
  - This should bring you to the SSL VPN Service Login Screen. Log in using your Lotus Notes credentials (Firstname <space> Lastname).
  - Enter your user credentials at the sign-in page of the FDO Remote Access Portal.
  - Once successfully authenticated, the browser window will show the FDO Remote Access Portal for your district. Instructions for using the portal are included in the next section.
  - Notice the browser message bar asking to install the JuniperSetupClient.cab add-on. Click on the bar and choose the option to install the add-on.

4. Sign out of the FDO Remote Access Portal session when you are finished.

The Remote Access Portal toolbar will be displayed in the SSL Portal window while you are logged in. When you are finished using the Remote Access Portal session, it is important to sign out of your session. Sign out of the session by clicking the Sign Out icon on the toolbar. Simply closing the browser window will not disconnect the SSL VPN client portal session.

If you fail to sign out properly, you might receive a warning the next time you sign on stating that there is already another user session in progress. Simply click on the Continue the Session button if this occurs.

Using the FDO Remote Access Portal

Seeing the FDO Remote Access Portal Home Screen means you have successfully connected to the DWAN. The Home button in the portal toolbar will always take you back to the home screen. From this screen, you can access most DWAN web servers and web-enabled applications. These can be reached by using the blank address bar under the Home icon and clicking on the Browse button to select the location of your choice.

A detailed user guide can be accessed at any time by clicking on the Help icon on the toolbar. A quick reference guide on using the browser bar is provided by clicking on the tips link next to the Browse button.
Several important sites have already been bookmarked for you, including Lotus Notes iNotes webmail and Lotus Notes Sametime. More sites may be automatically bookmarked in the future. Simply click on these bookmarks to access these applications securely through the portal. You can add additional personal bookmarks once you have browsed to those web pages or servers.

The Juniper SSL VPN is optimized for web applications and services. Therefore, some applications and programs might not work well from this page. The Network Connect feature can be used for applications requiring more complex resources.

Network Connect

The Network Connect feature of the FDO Juniper Remote Access Portal will dynamically download and install a small traditional SSL VPN client on your computer. This client works like the Cisco SSL VPN client that the FDO used previously. Since the Network Connect feature will install and run software external to the SSL browser portal, the user must have administrative privileges on the client machine to use Network Connect.

You may need to click through (accept) some warning boxes that pop up. It is safe to agree to these. The next time you use the SSL VPN from the same computer, the process will go much quicker since nothing additional will need to be installed.

When the Network Connect service is connected, you should also see a small blinking icon on the system tray in the lower right-hand side of your screen. This is the network icon indicating that you are using Network Connect. Once connected via Network Connect, you will be assigned an IP address. You should be able to access and use most DWAN resources and run client software as you did with the Cisco VPN client.

When you are done using the SSL VPN, you should sign out. You can do this by right-clicking on the icon in the system tray and choosing Sign Out from the pop-up menu. There is also a Sign Out tab on the far right side of the browser bar.

Network Connect is installed as an application on the client machine the first time it is started from the FDO Remote Access Portal. There is no need to sign in to the portal again to use Network Connect after the initial use. It can simply be started from the Start menu like any other installed application as needed.

MacOS and Linux Connections

The same basic concepts should work on MacOS X and Linux desktops. Both require a version of Java Runtime to be installed. Safari on the Mac reportedly works fine. As noted before, support for Mac and Linux systems is not available at the national level at this time.
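
Step 2 above fetches the root certificate over plain http://, so the download itself gives no assurance that the file is the genuine FDO root before it is placed in Trusted Root Certification Authorities. The PowerShell script below is an added example, not part of the original guide: it compares the saved file's SHA-256 fingerprint with a value obtained through a separate channel, checks that the certificate is self-signed and within its validity period, and only then imports it. The file name, the fingerprint placeholder, the idea that your CSA can supply the fingerprint, and the use of the current user's Root store are all assumptions.

```powershell
# Added example: verify a downloaded root CA certificate before trusting it.
param(
    # Hypothetical file name for the certificate saved from http://fdoca.fd.org
    [string]$CertPath = "$env:USERPROFILE\Downloads\fdo-root-ca.cer",
    # Placeholder: the real SHA-256 fingerprint must come from an out-of-band source
    [string]$ExpectedSha256 = '<SHA-256 fingerprint obtained out of band>'
)

function ConvertTo-PlainHex([string]$Text) {
    # Strip colons, spaces and dashes so "AB:CD", "ab cd" and "ABCD" compare equal.
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$x509 = 'System.Security.Cryptography.X509Certificates'
$file = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $file

# Fingerprint = SHA-256 over the certificate's DER encoding.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = ConvertTo-PlainHex ([System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)))
$expected = ConvertTo-PlainHex $ExpectedSha256

$problems = @()
if ($expected.Length -ne 64) {
    $problems += 'expected value is not a 64-digit SHA-256 fingerprint'
} elseif ($actual -ne $expected) {
    $problems += "fingerprint mismatch: file hashes to $actual"
}
# A root certificate names itself as issuer (name check only).
if ($cert.Subject -ne $cert.Issuer) {
    $problems += "not self-signed (issuer: $($cert.Issuer))"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

if ($problems.Count -gt 0) {
    throw "Certificate NOT imported: $($problems -join '; ')"
}

# All checks passed: add to the current user's Trusted Root store (assumed location).
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'CurrentUser'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try     { $store.Add($cert) }
finally { $store.Close() }
Write-Output "Imported $($cert.Subject) with SHA-256 $actual"
```

Run with the placeholder left in place, the script refuses to import anything, which is the intended default until a real fingerprint is supplied.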