Whether the firewall supports configuring password change prohibition for users logging in through SSL VPN

The firewall does not support configuring password change prohibition for users logging in through SSL VPN.

Other related questions:
Can the USG firewall change the password for SSL VPN login users
The firewall cannot change the password for SSL VPN login users.

Whether the firewall supports configuring both L2TP VPN and SSL VPN
Yes.

Whether the USG supports resource access control for SSL VPN users
The USG controls the resources accessible to SSL VPN users.

On the USG2000 or USG5000, access control policies can be configured. There are three types of access control policies:
1. Source IP address: The USG determines whether a user can access internal resources based on the source IP address.
2. Destination IP address: The USG determines whether a user can access internal resources based on the destination IP address and port.
3. Uniform resource locator (URL): The USG determines whether a user can access internal resources based on the resource URL.
Access control policies can apply to users or user groups.

On the USG6000, access control can be implemented based on roles. The details are as follows:
1. Service enablement: Specify services available for specified roles, including web proxy, network extension, file sharing, and port forwarding.
2. Resource authorization: Specify accessible resources if a specified service is enabled. If no resource is specified, users of the specified role cannot access any resources. After the network extension service is enabled, users can access all IP resources.

Configuring an SSL VPN virtual gateway on the firewall
Configuring virtual gateways on the USG
1. system-view
2. v-gateway v-gateway-name { ip-address | interface interface-type interface-number } [ port port-number ] { private [ domain-name ] | public domain-name } //Create a virtual gateway. A private gateway is in exclusive mode, and a public gateway is in shared mode.
3. quit
4. v-gateway v-gateway-name ip address ip-address [ port port-number ] //Assign an IP address and a port number to the virtual gateway.
   Exclusive virtual gateway:
   v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command adds the virtual gateway IP address.
   The undo v-gateway v-gateway-name ip address ip-address command deletes the IP address of the virtual gateway.
   The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway.
   Shared virtual gateway:
   v-gateway v-gateway-name ip address ip-address [ port port-number ] command: If the entered IP address is the existing IP address of the virtual gateway, this command changes the virtual gateway port number. If the entered IP address is not the IP address of the virtual gateway, this command changes the virtual gateway IP address.
   You cannot run the undo v-gateway ip address command to delete the IP address of the virtual gateway.
   The v-gateway v-gateway-name ip address old-ip-address new-ip-address [ port port-number ] command changes the IP address of the virtual gateway.
   If a port bound to the IP address of the virtual gateway is used for other purposes (such as web management or SSH login), the port cannot be configured as the port of the virtual gateway.
5. v-gateway v-gateway-name interface interface-type interface-number [ port port-number ] //Modify the virtual gateway interface.
6. v-gateway v-gateway-name domain domain-name //Modify the virtual gateway domain name.
7. v-gateway v-gateway-name http-redirect enable //Configure the HTTP redirection function of the virtual gateway.
8. v-gateway v-gateway-name max-user max-user //Modify the maximum number of virtual gateway users. Its default value is 1.
9. v-gateway v-gateway-name cur-max-user cur-max-user //Modify the maximum number of concurrent users of the virtual gateway.
10. v-gateway v-gateway-name max-resource max-resource //Modify the maximum number of resources on the virtual gateway. Its default value is 1.
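
The rules in step 4 are easy to trip over in a change window, so here is an added example (not Huawei code and not part of the original page) that replays a planned command list against a small model of them. The names lint, RESERVED and PLAN, the gateway names and all addresses are constructed; only the create, single-address "ip address" and "undo ... ip address" forms are modelled.

```python
import re

# Constructed sample: (ip, port) pairs already taken by web management and SSH.
RESERVED = {("192.0.2.1", 8443), ("192.0.2.1", 22)}

CREATE = re.compile(r"v-gateway (\S+) ([\d.]+)(?: port (\d+))? (private|public)\b")
SET_IP = re.compile(r"(undo )?v-gateway (\S+) ip address ([\d.]+)(?: port (\d+))?$")

def lint(commands, reserved=RESERVED):
    """Replay planned commands; return (findings, gateways) per the page's rules."""
    gateways, findings = {}, []
    for n, cmd in enumerate(commands, 1):
        cmd = cmd.strip()
        create, set_ip = CREATE.match(cmd), SET_IP.match(cmd)
        if create:
            name, ip, port, mode = create.groups()
            undo, gw = None, gateways.setdefault(name, {"mode": mode, "addrs": {}})
        elif set_ip:
            undo, name, ip, port = set_ip.groups()
            gw = gateways.get(name)
            if gw is None:
                findings.append((n, f"gateway {name} is not defined"))
                continue
        else:
            continue  # commands outside this model are ignored
        if undo:
            if gw["mode"] == "public":
                findings.append((n, "shared gateway: IP address cannot be deleted"))
            else:
                gw["addrs"].pop(ip, None)
            continue
        # Port omitted: keep the port already bound to this IP (None = not in the plan).
        port = int(port) if port else gw["addrs"].get(ip)
        if (ip, port) in reserved:
            findings.append((n, f"{ip}:{port} is used by another service"))
            continue
        if ip not in gw["addrs"] and gw["mode"] == "public":
            gw["addrs"].clear()  # shared mode: a new IP replaces the old one
        gw["addrs"][ip] = port  # exclusive mode: a new IP is added alongside
    return findings, gateways

PLAN = [  # constructed change plan
    "v-gateway gw-excl 192.0.2.1 port 443 private",
    "v-gateway gw-excl ip address 192.0.2.2 port 4433",
    "v-gateway gw-excl ip address 192.0.2.1 port 8443",
    "v-gateway gw-shared 198.51.100.1 port 443 public vpn.example.com",
    "v-gateway gw-shared ip address 198.51.100.2 port 443",
    "undo v-gateway gw-shared ip address 198.51.100.2",
]
```

Running lint(PLAN) flags line 3 (the port is already bound to web management) and line 6 (undo on a shared gateway), and the returned state shows the exclusive gateway holding two addresses while the shared one holds only the new address.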

Configuring the SSL VPN session lifetime on the firewall
The default SSL session timeout is 5 minutes. You can run the ssl timeout command to set the timeout.
system-view
[sysname] v-gateway abc
[sysname-abc] basic
[sysname-abc-basic] ssl timeout 10
