Can the USG firewall change the password for SSL VPN login users


The firewall cannot change the password for SSL VPN login users.

Other related questions:
Whether the firewall supports configuring password change prohibition for users logging in through SSL VPN
The firewall does not support configuring password change prohibition for users logging in through SSL VPN.

Working principle of SSL VPN on the USG
1. Concept
Secure Sockets Layer (SSL) is a security protocol that provides secure connections for application-layer protocols that are based on TCP. The SSL protocol is widely applied in fields such as e-commerce and e-banking to ensure security for data transmitted over the network. SSL can implement connection privacy, identity authentication, and connection reliability.

2. SSL
The SSL protocol is composed of two layers.
a. Lower-layer protocol: SSL record protocol
The SSL record protocol divides upper-layer data into records, compresses the records, calculates and appends message authentication codes (MACs) to the records, encrypts the records, and then transmits the records to the peer party.
b. Upper-layer protocols
(1) SSL handshake protocol: The client and server establish a session through the handshake protocol. The session contains a group of parameters, including the session ID, certificate of the peer party, encryption algorithm list (including the key exchange algorithm, data encryption algorithm, and MAC algorithm), compression algorithm, and primary key. The SSL session can be shared by multiple connections to reduce the session negotiation overhead.
(2) SSL change cipher spec protocol: The client and server use the SSL change cipher spec protocol to notify the recipient that subsequent packets are protected and transmitted based on the newly negotiated encryption algorithm list and key.
(3) SSL alert protocol: Used by a party to report alarm information to the other party. The message carries the alarm severity and description.

3. SSL VPN provides four types of services:
a. Web proxy
The web proxy allows users to access web servers on the internal network through the USG and provides HTTP-based web services for users.
b. Network extension
After a user installs the network extension client of the USG on the local PC, a virtual NIC is generated. The user can then conduct SSL data communication with the intranet through this virtual NIC.
c. Port forwarding
As a non-web application mode, port forwarding provides secure access for TCP-based applications. In port forwarding, user access is controlled at the application level.
d. File sharing
File sharing presents shared resources on servers that use different protocols, such as Windows systems that support the Server Message Block (SMB) protocol or Linux systems that support the Network File System (NFS) protocol, to users as web pages.
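The record layer and the three upper-layer protocols described above can be told apart on the wire by the 5-byte record header. The following parser is an added example, not Huawei code; it uses the content-type, alert, and handshake codes from the SSL 3.0 / TLS specifications, and the sample bytes are constructed stubs rather than captured traffic.

```python
import struct

# Record-layer constants from the SSL 3.0 / TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   16: "client_key_exchange", 20: "finished"}
MAX_FRAGMENT = 2**14 + 2048  # upper bound on a protected record's length


def parse_records(stream: bytes) -> list:
    """Split one direction of a connection into record-layer records."""
    records, offset, protected = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or length > MAX_FRAGMENT:
            raise ValueError(f"invalid record header at offset {offset}")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {offset}")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
               "length": length, "protected": protected}
        if not protected and ctype == 21 and length == 2:
            rec["alert"] = (ALERT_LEVELS.get(body[0], "unknown"),
                            ALERT_DESCRIPTIONS.get(body[1], f"code_{body[1]}"))
        elif not protected and ctype == 22 and length >= 4:
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], f"type_{body[0]}")
        elif ctype == 20:
            protected = True  # everything after this is encrypted and MACed
        records.append(rec)
        offset += 5 + length
    return records


# Constructed sample bytes (not captured traffic); bodies are stubs.
CLIENT_FLIGHT = (bytes([22, 3, 1, 0, 4, 1, 0, 0, 0])      # handshake: client_hello
                 + bytes([20, 3, 1, 0, 1, 1])             # change_cipher_spec
                 + bytes([22, 3, 1, 0, 4]) + b"\xaa" * 4)  # protected handshake
SERVER_ALERT = bytes([21, 3, 1, 0, 2, 2, 40])  # fatal handshake_failure

if __name__ == "__main__":
    for rec in parse_records(CLIENT_FLIGHT) + parse_records(SERVER_ALERT):
        print(rec)
```

Records that follow a change cipher spec record are reported with `protected` set and are not decoded, because their bodies are ciphertext; a plaintext fatal alert during the handshake is the usual sign of a failed negotiation when troubleshooting SSL VPN logins.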

The USG firewall configures SSL VPN file shares
The main function of file sharing is to present the resources of servers running different systems (such as Windows systems that support the SMB protocol and Linux systems that support the NFS protocol) as web pages. Before configuration, ensure that the license file has been loaded and that the USG can access the internal network resources.

Configuration steps:
1. Create a virtual gateway on the USG. External network users access the enterprise network resources through this virtual gateway.
2. Configure the DNS server address and domain name of the internal network so that users can access the virtual gateway's services through the domain name.
3. Configure file sharing and add file resources of the SMB type and the NFS type.
4. Configure the authentication and authorization function.

USG2000 & 5000 Import SSL VPN users from the server
Bulk user import supports local import and server import. Local import supports CSV format files; server import supports import from AD, LDAP, and TSM servers.

Import users in bulk from CSV format files
1. Select "User > Internet User > User Import".
2. Select the Local Import tab.
3. In CSV Format File Import, click CSV Template to download the CSV template to the administrator PC.
4. Read the comment text in the CSV template carefully, fill in the user information that needs to be imported, and edit the CSV format file.
5. In CSV Format File Import, click Browse, select the pre-edited CSV format file, and click Open.
6. Select the parameters in turn.
7. Click Start Import.

Import users in bulk from the authentication server
The device only supports bulk import of users from AD, LDAP, and TSM servers. Of these, only two LDAP server types are supported: AD and Open LDAP. The following import types are supported:
- Import only users
- Import only the organizational unit
- User and organizational unit
- Import only security groups
- Use only import security groups

After you create a new server import policy, you must execute the import policy to import the users (groups) on the authentication server to the device.
1. Select "User > Internet User > User Import".
2. Select the Server Import tab.
3. Click New.
4. Select or enter the parameters in turn.
5. Click Apply. If the operation is successful, a new server import policy is added to the Server Import Policy List.
6. In the Server Import Policy List, click the row where the policy was created.
7. In the confirmation dialog box that is displayed, click Yes to immediately execute the import policy and import the user (group) information from the corresponding authentication server.

The USG firewall configures the SSL VPN session timeout
By default, the SSL session timeout period is 5 minutes. The command for configuring the timeout period is ssl timeout.

system-view
[sysname] v-gateway abc
[sysname-abc] basic
[sysname-abc-basic] ssl timeout 10
