D-Link DFL-260E User Manual for DFL-260E - Page 471
The SSL VPN Client Statistics, SSL VPN Client Operation
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 471 highlights
9.6.3. Installing the SSL VPN Client Chapter 9. VPN Figure 9.6. The SSL VPN Client Statistics SSL VPN Client Operation Whenever the SSL VPN client application runs, the following happens: • A route is added to the Windows routing table. This route is equivalent to a NetDefendOS default all-nets route. • The added default route directs all traffic from the Windows client through the SSL tunnel. When the Windows SSL VPN client application ends, the SSL tunnel is closed and the default route in the Windows routing table is removed, returning the routing table to its original state. • An SSL connection is made to the configured Ethernet interface on a NetDefend Firewall and the next available IP address is handed out to the client from the associated SSL VPN object's IP pool. In addition, a single route for the client is added to the NetDefendOS routing table. This route maps the handed out client IP address to the associated SSL VPN interface. • Traffic can now flow between the client and the firewall, subject to NetDefendOS IP rules. Specifying IP Rules for Traffic Flow No IP rules need to be specified for the setup of an SSL VPN tunnel itself, provided that the advanced setting SSLVPNBeforeRules is enabled. However, appropriate IP rules need to be specified by the administrator to allow traffic to flow through the tunnel. Since SSL VPN connections originate from the client side, the SSL VPN interface object should be the source interface of the IP rule and the source network should be the range of possible IP addresses that the clients can be given. Specifying the source network as all-nets would of course work but it always more secure to use the narrowest possible IP address range. For more information about specifying IP rules see Section 3.6, "IP Rules". Client Cleanup Should the SSL VPN client application terminate prematurely for some reason, the Windows routing table may not be left in a consistent state and the automatically added all-nets route may not 471