SSL VPN Virtual Appliance Installation Guide
Virtual Private Networks

CONTENTS
Introduction ... 2
Installing the Virtual Appliance ... 2
Configuring Appliance Operating System Settings ... 3
Setting up the SSL VPN Appliance ... 5
After Installation ... 14
Introduction

This document presents the guidelines for installing Stonesoft SSL VPN as a virtual appliance. The Stonesoft SSL VPN appliance package consists of two files: a compressed disk image file and an Open Virtualization Format (OVF) file. The OVF file specifies how the appliance is created and connected in the virtualized environment.

Installing the Virtual Appliance

To prepare for installation
1. (Recommended) Create the resource pool where you will import the virtual appliance and configure it according to your requirements. For minimum system requirements, see the SSL VPN Release Notes for the version you are installing.
2. Download the license from the Stonesoft web site at https://my.stonesoft.com/managelicense.do.
3. Download the virtual appliance package from the Stonesoft web site at https://my.stonesoft.com/download.do.
4. Extract the files from the virtual appliance package.
5. Deploy the OVF template according to the deployment procedure for your virtualization platform. For detailed configuration instructions, see the product documentation for your virtualization platform.
6. Map the networks defined in the OVF template to the networks in your virtualized environment.
Configuring Appliance Operating System Settings

To configure appliance operating system settings
1. Right-click the virtual machine and select Power > Power on. The virtual appliance starts up.
2. Right-click the virtual machine and select Open Console. The appliance command line interface opens and the Engine Configuration Wizard starts.
3. Highlight the entry field for Keyboard Layout and press Enter. The Select Keyboard Layout dialog opens.
4. Highlight the correct layout and press Enter.
   Note: If the desired keyboard layout is not available, use the best-matching available layout, or select US_English.
5. Highlight the entry field for Local Timezone and press Enter.
6. Select the correct timezone in the dialog that opens.
   Note: The timezone setting affects only the way the time is displayed on the engine command line. The actual operation always uses UTC time.
7. Enter the Host Name of the SSL VPN engine.
8. Highlight the entry field for Web Console and SSL-VPN Admin Password and press Enter to change the password that the user admin uses to access the SSL VPN Web Console. By default, the password is Pass1234. Change this default either in this dialog or immediately after logging in to the Web Console for the first time: the default is printed in this guide, so an appliance that still uses it can be administered by anyone who can reach the Web Console address.
9. Enter the Web Console IP Address and the Web Console IP Netmask. The default IP address of the Web Console is 192.168.100.1. If you want to use the default IP address, configure the computer you use for connecting to the Web Console to use an IP address in the same network (192.168.100.0/24).
10. (Optional) Highlight Enable SSH Daemon and press the spacebar to select the option and allow remote access to the engine command line using SSH.
   Note: It is not necessary to enable the SSH daemon now for ongoing management. You can also set this option through the SSL VPN Web Console. We recommend that you enable SSH access in the Web Console only when needed and disable it again when you are done.
11. Highlight Finish and press Enter. The Engine Configuration Wizard closes.
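The following is an added example, not part of the Stonesoft guide: a small POSIX shell script run from the administrator workstation to confirm the outcome of steps 9 and 10, that is, the Web Console answers on the configured address and the SSH daemon has not been left enabled. It assumes the default Web Console address 192.168.100.1 and port 10000 from this guide; the check on port 22 is an assumption about where the SSH daemon listens, since the guide does not state a port.

```shell
#!/bin/sh
# Added example (not from the Stonesoft guide): post-wizard check of the
# management plane from the admin workstation.

# Assumption: default address from the Engine Configuration Wizard; override
# with MGMT_IP=... if you changed it in step 9.
MGMT_IP="${MGMT_IP:-192.168.100.1}"

# port_open HOST PORT -> exit 0 if a TCP connect succeeds within 3 s, else 1.
# Uses bash's /dev/tcp so the workstation needs no nc or nmap.
port_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# audit_mgmt HOST -> one status line per service; returns 0 only when the Web
# Console is reachable and SSH is closed, 1 if either condition fails.
audit_mgmt() {
    host="$1"; rc=0
    if port_open "$host" 10000; then
        echo "ok   Web Console reachable at https://$host:10000"
    else
        echo "FAIL Web Console :10000 not reachable (wrong address/netmask, or this client is not in the same network?)"
        rc=1
    fi
    # Assumption: SSH daemon listens on the standard port 22.
    if port_open "$host" 22; then
        echo "WARN SSH daemon enabled on $host:22; disable it in the Web Console when you are done"
        rc=1
    else
        echo "ok   SSH closed on $host"
    fi
    return $rc
}

# Run against the appliance when invoked with "check" as the first argument:
#   MGMT_IP=192.168.100.1 sh audit.sh check
if [ "${1:-}" = "check" ]; then
    audit_mgmt "$MGMT_IP"
fi
```

Run it once right after the wizard and again after you disable SSH in the Web Console; a WARN line on the second run means the daemon is still listening.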
Setting up the SSL VPN Appliance

Logging in to the Web Console

The Web Console is used for interface configuration and other basic operating-system-level settings. Make sure your client machine is connected to the same network segment as the Stonesoft SSL VPN virtual appliance management interface (Network Adapter 1). The client must have a display, mouse, keyboard, and a graphical user interface with a web browser.

To log in to the Web Console
1. Enter the following address in a web browser: https://<Web Console IP Address>:10000. The login page for the Web Console opens. If you did not change the Web Console IP address in the Engine Configuration Wizard, the address is the default Web Console address, https://192.168.100.1:10000.
2. Log in with the username admin and the Web Console password you set in the Engine Configuration Wizard.

Setting System Time

System time must be set correctly for proper operation. The system time is used in access rules, certificate validity checking, and log entries, for example: a clock that is off can make a valid certificate appear expired or not yet valid, and makes log timestamps unreliable when you investigate an incident.

To set the system time
1. Browse to Hardware > System Time.
2. Select the correct Time Zone and click Save.
3. Change the time in the System Time section and click Apply.
4. Click Copy from system time to synchronize the times.
Configuring Network Interfaces

You must add at least one interface in addition to the eth0 management interface. A typical configuration requires two or more additional interfaces. If you plan to create a pair of mirrored virtual appliances, note that in a mirrored setup the eth1 interface must be dedicated to communications between the pair of mirrored appliances (for instructions on how to set up a pair of mirrored appliances, see the SSL VPN Administrator's Guide).

To configure network interfaces
1. Browse to Networking > Network Configuration and click the Network Interfaces icon. The Network Interfaces page opens.
2. Click Add a new interface below the interface table. The Create Bootup Interface view opens.
3. Configure the interface details according to your network setup. The typical setting for Activate at boot is Yes. If you set this option to No, the interface is disabled until you change this setting and reboot or manually apply the boot-time configuration on the main Network Interfaces page.
4. Click Create to save your changes or Create and Apply to save your changes and activate the new interface.
5. (Optional) To add IP addresses to the physical interface, click the interface name in the Activated at Boot Time table and click Add Virtual Interface. Fill in the details of the virtual interface according to your network setup and click Create to save your changes or Create and Apply to also activate the new interface. You can add more virtual interfaces to the same physical interface. The number of virtual interfaces is shown in front of the Add Virtual Interface action in Virtual Interfaces.
Add all necessary interfaces as explained above. The interfaces are activated when you reboot the appliance or through the Apply Selected Interfaces action on the Network Interfaces page.

Configuring Routing

To configure routing
1. Browse to Networking > Network Configuration and click the Routing and Gateways icon. The Routing page opens.
2. Configure the default Routing configuration activated at boot time according to your network setup. If the default gateway's IP address is assigned by a DHCP server, leave the selection as None (or from DHCP), select the correct network interface Device, and click Save. If the default gateway has a static IP address, select Gateway and enter the IP address. Select the Device, and click Save.
3. (Optional) Add any other routes to the Routing configuration activated at boot time according to the type of route:

   Type of route: routes to a network that is reached through a next-hop gateway (such as a router).
   Configuration: configure all of the Static Routes settings according to your network environment and click Save without changing any other settings.

   Type of route: routes to devices that are connected directly (such as through a hub or directly through a crossover cable).
   Configuration: configure all of the Local Routes settings according to your network environment and click Save without changing any other settings.
4. (Optional) If you want to add temporary routes that are not preserved when the device reboots, configure the Create Active Route settings as described below and click Create to add and activate the route immediately.

   Route Destination: select the Default route (where all traffic without a more specific routing definition is sent) or enter a specific network or IP address.
   Netmask for destination: select the Default netmask or enter a specific netmask.
   Route via: select an existing Network interface (for directly connected networks) or enter the IP address of a Gateway (for a next-hop router to which the traffic is forwarded).

The routes added in the Route configuration activated at boot time section are activated when you reboot the appliance.

Configuring DNS Settings

If you want services to be available by domain names as well as IP addresses, you must configure the DNS settings as instructed below.

To configure DNS settings
1. Browse to Networking > Network Configuration and click the Hostname and DNS Client icon.
2. Enter the Hostname of the appliance.
3. Enter the IP addresses (one IP address per field) of your DNS Servers.
4. (Optional) Select the Resolution order (from left to right) in which the addresses are queried from different sources.
5. (Optional) In Search domains, select Listed and enter your domain name (for example, example.com).

Generating a Certificate

Server authentication in SSL is based on certificates as the proof of identity. The appliance contains a factory-installed certificate that allows testing in a closed network. When installing the appliance for other use, you must always generate a working certificate.

Caution: Never use the factory-installed standard keys and certificates for anything other than testing in a closed environment! The factory key is a standard key that is not unique to your installation, so anyone who has it can impersonate your SSL VPN to its users. If you do not generate new keys and certificates, the security of the system is severely compromised.
The procedure below explains how to generate a certificate request using the tools included with the appliance. Other tools may be used. The certificate must be in the .pem format. See the SSL VPN Administrator's Guide for more information on certificates.
To generate a certificate request
1. While still connected to the appliance, open the SSL VPN Administrator interface (https://<SSL VPN IP Address>:8443) in a web browser.
2. Click the Certificate Request For Windows or For Linux link according to your operating system to download certificate-related tools to your workstation.
3. Extract all the files in the .zip archive to the same location.
4. Open a command line and run the makescr script that was extracted from the archive.
5. Fill in the required details. See Creating a Certificate Request for more detailed information. The following files are generated:
   server.csr: the certificate request file that is used to generate the actual certificate.
   private.pk8: the private certificate key that you must import to Stonesoft SSL VPN.
   private.key: the same private key in an alternative format. You can delete this file; because it holds the private key, delete it rather than leaving a second copy on the workstation.
6. Send the server.csr certificate request for signing to the certificate authority or sign it using an internal certificate authority (CA) that you maintain.
7. When you have the signed certificate, import it to the Stonesoft SSL VPN Administrator and activate it for the Administration Service and Access Point. See the chapters Logging In to the Web Console, and Importing Certificate Keys and Certificates in the SSL VPN Administrator's Guide.
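The following is an added example and is not the makescr tool shipped with the appliance or any other Stonesoft code. It produces the same three files with OpenSSL (server.csr, private.pk8 in the PKCS#8 form the Administrator imports, and private.key), proves that the request and the key belong together before the request leaves for the CA, and supplies a check for after activation that the appliance serves the signed certificate and not the factory-installed one, which is the point of the Caution under Generating a Certificate above. The subject fields, the host name vpn.example.com and the Access Point port 443 are assumptions.

```shell
#!/bin/sh
# Added example (not Stonesoft's makescr): CSR generation with OpenSSL plus
# the two checks worth doing around it.

# make_csr OUTDIR CN -> writes private.key (traditional PEM), private.pk8
# (PKCS#8, what the SSL VPN Administrator imports) and server.csr.
make_csr() {
    dir="$1"; cn="$2"
    mkdir -p "$dir"
    # 2048-bit RSA key, generated on the workstation; it is only ever copied
    # to the appliance through the Administrator's key import.
    openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
    # Same key in PKCS#8 form. -nocrypt leaves it unencrypted (the guide's
    # password field then stays empty); use -v2 aes-256-cbc instead to set one.
    openssl pkcs8 -topk8 -nocrypt -in "$dir/private.key" -out "$dir/private.pk8"
    # The request. Subject fields are assumptions; CN and the SAN must be the
    # name users type into the browser.
    openssl req -new -key "$dir/private.key" \
        -subj "/C=FI/O=Example Corp/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" \
        -out "$dir/server.csr"
    chmod 600 "$dir/private.key" "$dir/private.pk8"
}

# verify_csr DIR -> 0 if the request's self-signature checks out (catches a
# request corrupted in transit or edited by hand).
verify_csr() {
    openssl req -in "$1/server.csr" -noout -verify >/dev/null 2>&1
}

# csr_matches_key DIR -> 0 if server.csr carries the public key of private.pk8,
# i.e. the CA's certificate will actually fit the key you import.
csr_matches_key() {
    dir="$1"
    a=$(openssl req -in "$dir/server.csr" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$dir/private.pk8" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# cert_fingerprint FILE -> SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# served_fingerprint HOST PORT -> SHA-256 fingerprint of the leaf certificate
# the appliance presents on that port. After activating the signed certificate
# this must equal cert_fingerprint of the file you imported; anything else
# means the factory (or a stale) certificate is still active there.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Stand-alone use:  sh makecsr.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_csr "$d" vpn.example.com
    verify_csr "$d" && csr_matches_key "$d" \
        && echo "server.csr and private.pk8 match; send $d/server.csr to the CA"
    # After import and activation (port 443 for the Access Point is an assumption):
    #   [ "$(served_fingerprint vpn.example.com 443)" = "$(cert_fingerprint signed.pem)" ]
    #   [ "$(served_fingerprint vpn.example.com 8443)" = "$(cert_fingerprint signed.pem)" ]
fi
```

Run the served_fingerprint comparison against both the Administration Service port and the Access Point port, since step 7 activates the certificate for each separately and either one can be missed.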
Logging In to the Stonesoft SSL VPN Administrator

To log in to the Stonesoft SSL VPN Administrator
1. Click Log On.
2. Log on with the following credentials: Username: admin. Password: <password for the admin account>.

What's Next?
If you have not yet changed the administrator password from the default, proceed to Changing the Super Administrator Password. Otherwise, proceed to Importing a License (page 11).

Changing the Super Administrator Password

To change the super administrator password
1. Scroll down to the bottom of the page and click Manage Settings.
2. Enter the Super Administrator Current Password.
3. Enter and verify a secure Super Administrator New Password.
4. Click Save.
Importing a License

For the initial configuration of the appliance, you must import the SSL VPN license through the Stonesoft SSL VPN Administrator. If you later connect the appliance to the Stonesoft Management Center, you can optionally manage the licenses also through the Stonesoft Management Client. See the Administrator's Guide or the Management Client Online Help for more information.

To import a license
1. Browse to Monitor > System > License.
2. Scroll down to the end of the license information page and click Browse.
3. Select and import your license file.
Importing Certificate Keys and Certificates

Note: If your certificate is a bundled certificate, which may contain intermediate certificates, you must split the certificate before adding it to the Stonesoft SSL VPN Administrator. See Adding Bundled Certificates for information on how to do this.

To import a certificate key and certificate
1. Browse to Manage System > Certificates.
2. Click Add Server Certificate and configure the following settings:
   Display Name: enter the name you want to give to the certificate for display in the Stonesoft SSL VPN Administrator interface.
   Certificate: browse and select the signed certificate file.
   Key: browse and select the private certificate key file (private.pk8).
   Password: if you protected the certificate key with a password when you generated it, enter the password.
3. Click Save. This imports the certificate, but the certificate is not activated yet.
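The following is an added example and not part of the Stonesoft guide: it shows how to split a bundled PEM file (the server certificate followed by one or more intermediate CA certificates, as many CAs deliver it) into the separate certificates the Administrator expects, and how to tell the server certificate apart from the intermediates by subject and issuer. The sample bundle is constructed inside the script from two throwaway self-signed certificates, so it is not a real chain; the subject names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Stonesoft guide): split a PEM bundle into one
# file per certificate, preserving order, and label the pieces.

# split_bundle BUNDLE OUTDIR -> writes OUTDIR/cert-1.pem, cert-2.pem, ... in
# the order they appear and prints the number of certificates found.
# Only text between BEGIN/END CERTIFICATE markers is copied, so comments,
# blank lines and any bundled private key are left out of the pieces.
split_bundle() {
    bundle="$1"; out="$2"
    mkdir -p "$out"
    awk -v out="$out" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = out "/cert-" n ".pem"; inside = 1 }
        inside                         { print > f }
        /-----END CERTIFICATE-----/   { inside = 0; close(f) }
        END                            { print n + 0 }
    ' "$bundle"
}

# describe_certs OUTDIR -> one line per piece with subject and issuer. The
# server certificate is the one whose subject is your host name; the others
# are the intermediates (or a root, which the Administrator does not need).
describe_certs() {
    for f in "$1"/cert-*.pem; do
        printf '%s: %s | %s\n' "$(basename "$f")" \
            "$(openssl x509 -in "$f" -noout -subject)" \
            "$(openssl x509 -in "$f" -noout -issuer)"
    done
}

# make_sample_bundle FILE -> constructed test input: two self-signed,
# one-day certificates concatenated leaf-first, like a CA's bundle download.
# Not a real chain; it exists only so the functions above have input.
make_sample_bundle() {
    t=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.com" \
        -keyout "$t/srv.key" -out "$t/srv.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Intermediate CA" \
        -keyout "$t/ca.key" -out "$t/ca.pem" 2>/dev/null
    cat "$t/srv.pem" "$t/ca.pem" > "$1"
    rm -f "$t/srv.key" "$t/ca.key"
}

# Stand-alone use:  sh split.sh demo   (or pass your own bundle as $1)
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_sample_bundle "$d/bundle.pem"
    echo "certificates in bundle: $(split_bundle "$d/bundle.pem" "$d/parts")"
    describe_certs "$d/parts"
fi
```

Import the piece whose subject is your server name as the Certificate in step 2 above; the intermediate pieces are added separately as described under Adding Bundled Certificates.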
Activating the Certificate

To activate the certificate
1. Browse to Manage System > Administration Service.
2. Select the Server Certificate and click Save.
3. Browse to Manage System > Access Points.
4. Click Access Point. The Access Point properties open.
5. Select the Server Certificate and click Save.

After Installation

After importing the license and the working certificate, your SSL VPN system is ready to be configured with additional administrator accounts and the user accounts and services that you want the appliance to provide in your network. Step-by-step instructions can be found in the SSL VPN Administrator's Guide and the SSL VPN Administrator Online Help.

Configuration Overview
1. Create an external user storage for SSL VPN user accounts.
2. Create user groups and users. Accounts for both administrator users and end-users are created in the same way. Administrator access can be controlled with access rules based on user groups.
3. Define access rules for allowing access to the services on the virtual appliance.
4. Define the services you want to offer. In addition to other services, you can also configure the Web Console and the Stonesoft SSL VPN Administrator to be accessible remotely through the Application Portal.
Stonesoft Guides

Administrator's Guides - step-by-step instructions for configuring and managing the system.
Installation Guides - step-by-step instructions for installing and upgrading the system.
Reference Guides - system and feature descriptions with overviews to configuration tasks.
User's Guides - step-by-step instructions for end-users.

For more documentation, visit www.stonesoft.com/support/

Stonesoft Corporation, Itälahdenkatu 22 A, FI-00210 Helsinki, Finland. Tel. +358 9 476 711, Fax +358 9 4767 1349
Stonesoft Inc., 1050 Crown Pointe Parkway, Suite 900, Atlanta, GA 30338, USA. Tel. +1 770 668 1125, Fax +1 770 668 1131

Copyright 2012 Stonesoft Corporation. All rights reserved. All specifications are subject to change.