Is the SSL VPN intranet server access number on the USG firewall limited by the firewall specifications?

It is not subject to the firewall specifications.

Other related questions:
Is the number of users who can access the SSL VPN intranet server restricted by the firewall specifications?
It is not restricted by the firewall specifications.

Configuring the maximum number of concurrent SSL VPN users on the USG firewall

v-gateway cur-max-user

Use the v-gateway cur-max-user command to modify the maximum number of concurrent users of a virtual gateway. By default, the maximum number of concurrent users is the number of concurrent users available under the system license.
Use the undo v-gateway cur-max-user command to delete the configured maximum number of concurrent users and restore the default value.

Command format
    v-gateway v-gateway-name cur-max-user cur-max-user
    undo v-gateway v-gateway-name cur-max-user

Parameter description
    v-gateway-name: virtual gateway name.
    cur-max-user cur-max-user: the maximum number of concurrent users that can connect to the virtual gateway.

Usage guidelines
The number of concurrent users supported by the USG is controlled by the system license. The number of concurrent users of each virtual gateway is limited by the total number of concurrent users.
The maximum number of concurrent users of a virtual gateway is less than the maximum number of users of the virtual gateway.
By default, the maximum number of concurrent users of a virtual gateway is as follows:
    If a virtual gateway has already set the number of concurrent users, the number of concurrent users of the new virtual gateway is the number of concurrent users available under the system license.
    If no virtual gateway has set the number of concurrent users, the number of concurrent users of the new virtual gateway is the number of concurrent users allowed by the system license.

Example
    system-view
    [Sysname] v-gateway abc cur-max-user 20    // Set the maximum number of concurrent users of virtual gateway abc to 20.

Working principle of Secure Sockets Layer (SSL) VPN on the USG

1. Concept
SSL is a security protocol that provides secure connections for application-layer protocols that are based on TCP. The SSL protocol is widely applied in fields such as e-commerce and e-banking to ensure security for data transmitted over the network. SSL can implement connection privacy, identity authentication, and connection reliability.

2. SSL
The SSL protocol is composed of two layers.
a. Lower-layer protocol: SSL record protocol
The SSL record protocol divides upper-layer data into records, compresses the records, calculates and appends message authentication codes (MACs) to the records, encrypts the records, and then transmits the records to the peer party.
b. Upper-layer protocols
(1) SSL handshake protocol: The client and server establish a session through the handshake protocol. The session contains a group of parameters, including the session ID, certificate of the peer party, encryption algorithm list (including the key exchange algorithm, data encryption algorithm, and MAC algorithm), compression algorithm, and master key. The SSL session can be shared by multiple connections to reduce the session negotiation overhead.
(2) SSL change cipher spec protocol: The client and server use this protocol to notify the recipient that subsequent packets are protected and transmitted based on the newly negotiated encryption algorithm list and key.
(3) SSL alert protocol: Used by a party to report alarm information to the other party. The message carries the alarm severity and description.

3. SSL VPN provides four types of services:
a. Web proxy
The web proxy allows users to access web servers on the internal network through the USG and provides HTTP-based web services for users.
b. Network extension
After a user installs the network extension client of the USG on the local PC, a virtual NIC is generated. The user can then conduct SSL data communication with the intranet through this virtual NIC.
c. Port forwarding
As a non-web application mode, port forwarding provides secure access for TCP-based applications. In port forwarding, user access is controlled at the application level.
d. File sharing
File sharing presents shared resources to users as web pages. The resources can reside on systems that support different server protocols, such as Windows systems that support the Server Message Block (SMB) protocol or Linux systems that support the Network File System (NFS) protocol.

Configuring the SSL VPN session timeout on the USG firewall
By default, the SSL session timeout period is 5 minutes. The command for configuring the timeout period is ssl timeout.

    system-view
    [sysname] v-gateway abc
    [sysname-abc] basic
    [sysname-abc-basic] ssl timeout 10
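The v-gateway cur-max-user and ssl timeout settings described on this page can be reviewed in a change script before it is applied. The Python below is an added example, not Huawei code: it parses a constructed command transcript in the form shown on this page and flags values above a license user count and a maximum timeout. The function names, the gateway "guest", and both limits are assumptions supplied for illustration.

```python
import re

DEFAULT_SSL_TIMEOUT_MIN = 5  # default SSL session timeout stated on this page

# Constructed sample: the page's command sequences plus one hypothetical gateway.
SAMPLE = """\
system-view
[sysname] v-gateway abc cur-max-user 20
[sysname] v-gateway abc
[sysname-abc] basic
[sysname-abc-basic] ssl timeout 10
[sysname] v-gateway guest cur-max-user 500
"""

PROMPT = re.compile(r"^\[[^\]]*\]\s*")  # strips a leading "[sysname-...]" prompt
CUR_MAX = re.compile(r"^v-gateway (\S+) cur-max-user (\d+)$")
UNDO_CUR_MAX = re.compile(r"^undo v-gateway (\S+) cur-max-user$")
ENTER_GW = re.compile(r"^v-gateway (\S+)$")
SSL_TIMEOUT = re.compile(r"^ssl timeout (\d+)$")

def parse(transcript):
    """Return {gateway: {"cur_max_user": int or None, "ssl_timeout": int}}."""
    gateways, current = {}, None
    def gw(name):
        return gateways.setdefault(
            name, {"cur_max_user": None, "ssl_timeout": DEFAULT_SSL_TIMEOUT_MIN})
    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        if m := CUR_MAX.match(cmd):
            gw(m[1])["cur_max_user"] = int(m[2])
        elif m := UNDO_CUR_MAX.match(cmd):
            gw(m[1])["cur_max_user"] = None  # undo restores the license default
        elif m := ENTER_GW.match(cmd):
            current = m[1]  # later "ssl timeout" lines apply to this gateway
            gw(current)
        elif (m := SSL_TIMEOUT.match(cmd)) and current:
            gateways[current]["ssl_timeout"] = int(m[1])
    return gateways

def audit(gateways, license_users, max_timeout_min):
    """List settings above the license count or the reviewer's timeout limit."""
    findings = []
    for name, cfg in sorted(gateways.items()):
        users, timeout = cfg["cur_max_user"], cfg["ssl_timeout"]
        if users is not None and users > license_users:
            findings.append(f"{name}: cur-max-user {users} exceeds license ({license_users})")
        if timeout > max_timeout_min:
            findings.append(f"{name}: ssl timeout {timeout} exceeds limit ({max_timeout_min})")
    return findings
```

A gateway with no explicit cur-max-user is reported as None, meaning it falls back to the license default described above.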
