Necessity for configuring SSL VPN certificate authentication on the firewall

26

Is SSL VPN certificate authentication necessary on the USG?
During authentication and authorization, if users are required to provide certificates for authentication, certificate configurations are required. However, they are not mandatory.

Other related questions:
The USG firewall defaults to the existence of an SSL VPN CA certificate
CA certificate needs to apply to CA certification body

Whether the firewall has an SSL VPN CA certificate by default
You need to apply for the CA certificate towards the CA.

Configuring an SSL VPN virtual gateway on the firewall
Configuring virtual gateways on the USG 1. system-view 2. v-gateway v-gateway-name { ip-address | interface interface-type interface-number } [ port port-number ] { private [ domain-name ] | public domain-name } //Create a virtual gateway. A private gateway is in exclusive mode, and a public gateway is in shared mode. 3. quit 4. v-gateway v-gateway-name ip address ip-address [ port port-number ] //Assign an IP address and a port number to the virtual gateway. Exclusive virtual gateway: v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command adds the virtual gateway IP address. The undo v-gateway v-gateway-name ip address ip-address command deletes the IP address of the virtual gateway. The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway. Shared virtual gateway: v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command changes the virtual gateway IP address. You cannot run the undo v-gateway ip address command to delete the IP address of the virtual gateway. The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway. If a port bound to the IP address of the virtual gateway is used for other purposes (such as web management or SSH login), the port cannot be configured as the port of the virtual gateway. 5. v-gateway v-gateway-name interface interface-type interface-number [ port port-number ] //Modify the virtual gateway interface. 6. v-gateway v-gateway-name domain domain-name //Modify the virtual gateway domain name. 7. v-gateway v-gateway-name http-redirect enable //Configure the HTTP redirection function of the virtual gateway. 8. v-gateway v-gateway-name max-user max-user //Modify the maximum number of virtual gateway users. Its default value is 1. 9. v-gateway v-gateway-name cur-max-user cur-max-user //Modify the maximum number of concurrent users of the virtual gateway. 10. v-gateway v-gateway-name max-resource max-resource //Modify the maximum number of resources on the virtual gateway. Its default value is 1.

Configuring the SSL VPN session lifetime on the firewall
The default SSL session timeout time is 5 minutes. You can run the ssl timeout command to set the timeout time. system-view [sysname] v-gateway abc [sysname-abc] basic [sysname-abc-basic] ssl timeout 10

The USG firewall configures the SSL VPN session timeout
By default, the SSL session timeout period is 5 minutes. The timeout time configuration command is ssl timeout. system-view [sysname] v-gateway abc [sysname-abc] basic [sysname-abc-basic] ssl timeout 10

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top