Configuring the SSL VPN session lifetime on the firewall

4

The default SSL session timeout time is 5 minutes.
You can run the ssl timeout command to set the timeout time.
system-view
[sysname] v-gateway abc
[sysname-abc] basic
[sysname-abc-basic] ssl timeout 10

Other related questions:
The USG firewall configures the SSL VPN session timeout
By default, the SSL session timeout period is 5 minutes. The timeout time configuration command is ssl timeout. system-view [sysname] v-gateway abc [sysname-abc] basic [sysname-abc-basic] ssl timeout 10

IPSec VPN lifetime on the firewall
Interfaces supported by IPSec VPN reference on the USG IPSec can be applied to Layer 3 physical interfaces, VLANIF interfaces, Layer 2 interfaces, tunnel interfaces, subinterfaces, and dialer interfaces. 1. Apply an IPSec policy on a Layer 3 physical interface. system-view //Access the system view. interface interface-type interface-number //Access the physical interface. ipsec policy policy-name [ auto-neg ] //Apply the IPSec policy. 2. Apply an IPSec policy on a Layer 2 physical interface. system-view //Access the system view. interface interface-type interface-number //Access the physical interface. ipsec policy policy-name [ auto-neg ] //Apply the IPSec policy. Note: Before you establish an IPSec tunnel on a Layer 2 interface, you must first configure the IP address of the VLAN on which the Layer 2 interface resides. 3. Apply an IPSec policy group to a tunnel interface. system-view interface tunnel tunnel-number //Access the tunnel interface view. tunnel-protocol ipsec //Set the encapsulation type on the tunnel interface to IPSec. ipsec policy policy-name //Apply the IPSec policy group to the tunnel interface.

Configuring SSL VPN parameters for the USG
Configure SSL parameters. Configure the SSL version supported by the USG, encryption suite, session timeout duration, and life cycle. You can retain the default values. Procedure: system-view v-gateway v-gateway-name //Access the virtual gateway view. basic, //Access the basic virtual gateway view. ssl version { sslv30+tlsv10 | tlsv10 } //Configure the SSL version supported by the USG. By default, the USG supports SSL3.9 and TLS1.0. ssl ciphersuit { allciphersuit | custom { aes256-sha | non-aes256-sha } { des-cbc3-sha | non-des-cbc3-sha } { rc4-sha | non-rc4-sha } { rc4-md5 | non-rc4-md5 } { aes128-sha | non-aes128-sha } { des-cbc-sha | non-des-cbc-sha } } //Configure the SSL encryption suite. ssl timeout time //Configure the SSL session timeout duration. ssl lifecycle { time | no-time-limit } //Configure the SSL life cycle. ssl session-reuse enable //Enable the SSL session reuse function. Follow-up processing display ssl //View SSL configuration.

Configuring an SSL VPN virtual gateway on the firewall
Configuring virtual gateways on the USG 1. system-view 2. v-gateway v-gateway-name { ip-address | interface interface-type interface-number } [ port port-number ] { private [ domain-name ] | public domain-name } //Create a virtual gateway. A private gateway is in exclusive mode, and a public gateway is in shared mode. 3. quit 4. v-gateway v-gateway-name ip address ip-address [ port port-number ] //Assign an IP address and a port number to the virtual gateway. Exclusive virtual gateway: v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command adds the virtual gateway IP address. The undo v-gateway v-gateway-name ip address ip-address command deletes the IP address of the virtual gateway. The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway. Shared virtual gateway: v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command changes the virtual gateway IP address. You cannot run the undo v-gateway ip address command to delete the IP address of the virtual gateway. The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway. If a port bound to the IP address of the virtual gateway is used for other purposes (such as web management or SSH login), the port cannot be configured as the port of the virtual gateway. 5. v-gateway v-gateway-name interface interface-type interface-number [ port port-number ] //Modify the virtual gateway interface. 6. v-gateway v-gateway-name domain domain-name //Modify the virtual gateway domain name. 7. v-gateway v-gateway-name http-redirect enable //Configure the HTTP redirection function of the virtual gateway. 8. v-gateway v-gateway-name max-user max-user //Modify the maximum number of virtual gateway users. Its default value is 1. 9. v-gateway v-gateway-name cur-max-user cur-max-user //Modify the maximum number of concurrent users of the virtual gateway. 10. v-gateway v-gateway-name max-resource max-resource //Modify the maximum number of resources on the virtual gateway. Its default value is 1.

Whether the firewall supports configuring both L2TP VPN and SSL VPN
Yes.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top