D-Link DFL-260E User Manual for DFL-260E - Page 475
Certificate Validation Components, CA Server Access by Clients
9.7. CA Server Access                                            Chapter 9. VPN

The same steps should be followed if the other side of the tunnel is another firewall rather than many clients.

3. The CA server is a commercial server on the public Internet.

   In this, the simplest case, public DNS servers will resolve the FQDN. The only requirement is that NetDefendOS must have at least one public DNS server address configured so that it can resolve the FQDNs found in the certificates it receives.

• It must also be possible for an HTTP request (the HTTP GET that fetches the CRL) to pass from the validation request source (either the NetDefend Firewall or a client) to the CA server, and for the HTTP reply to be received. If the request passes through the NetDefend Firewall, the appropriate rules in the NetDefendOS IP rule set must be defined to allow this traffic through. Such a rule should be limited to the CA server's address and the HTTP service rather than granting general outbound access.

  IP rules are not required if it is NetDefendOS itself that issues the request to the CA server. Actions taken by NetDefendOS are trusted by default. This is a general rule that also applies to DNS resolution requests issued by NetDefendOS.

Figure 9.7. Certificate Validation Components

CA Server Access by Clients

In a VPN tunnel with roaming clients connecting to the NetDefend Firewall, the VPN client software may need to access the CA server. Not all VPN client software needs this access. Microsoft clients prior to Vista do not send CA server requests at all; with Windows Vista, validation became the default, with an option to disable it. Other, non-Microsoft clients differ in the way they work, but the majority will attempt to validate the certificate.
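The two requirements above (the FQDN in the certificate's distribution point must resolve, and the HTTP request and reply must be allowed through when a client behind the firewall issues it) can be checked before the tunnel is brought up. The following is an added example, not code from the D-Link manual or from NetDefendOS: it takes a CRL distribution-point URL and who issues the validation request, and reports the FQDN that must resolve, the TCP port of the HTTP GET, and whether an IP rule is needed. The DNS table and the URLs are constructed for the example; a real check would replace the table with a live resolver call.

```python
"""Work out what a certificate-validation request needs from the firewall.

Added example (not from the D-Link manual or NetDefendOS). Given the CRL
distribution-point URL from a certificate and who issues the request (the
firewall itself or a VPN client behind it), report the FQDN that must be
resolvable, the TCP port the HTTP GET goes to, and whether an IP rule is
needed to let the request and its reply through. DNS table and URLs are
constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed stand-in for the public DNS server NetDefendOS must have
# configured. A real deployment would call socket.gethostbyname() instead.
FAKE_DNS: Dict[str, str] = {
    "crl.example-ca.com": "203.0.113.10",
}


@dataclass(frozen=True)
class AccessRequirement:
    url: str
    host: str
    port: int
    resolved_ip: Optional[str]   # None when the FQDN could not be resolved
    needs_ip_rule: bool          # True when a client behind the firewall asks
    problem: Optional[str]       # None when the request can be expected to work


def resolve(host: str, dns: Dict[str, str] = FAKE_DNS) -> Optional[str]:
    """IP literals need no DNS at all; names are looked up in the resolver table."""
    try:
        return str(ip_address(host))
    except ValueError:
        return dns.get(host.lower())


def plan_access(url: str, requester: str,
                dns: Dict[str, str] = FAKE_DNS) -> AccessRequirement:
    """requester is 'firewall' (NetDefendOS validates) or 'client' (VPN client validates)."""
    if requester not in ("firewall", "client"):
        raise ValueError("requester must be 'firewall' or 'client'")
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or 80
    problem: Optional[str] = None
    if parts.scheme != "http" or not host:
        # Only the HTTP retrieval path described on the page is handled here.
        problem = "only http:// distribution points are handled here"
    ip = resolve(host, dns) if host else None
    if problem is None and ip is None:
        problem = "FQDN %s does not resolve: check the DNS server configuration" % host
    # Requests issued by NetDefendOS itself are trusted by default; only a
    # request passing through the firewall from a client needs an IP rule.
    return AccessRequirement(url, host, port, ip, requester == "client", problem)


def rule_text(req: AccessRequirement) -> str:
    """Plain statement of the IP rule (or its absence) for one requirement."""
    if req.needs_ip_rule:
        return ("Allow TCP from the client network to %s (%s) port %d, "
                "and the HTTP reply back" % (req.host, req.resolved_ip or "unresolved", req.port))
    return "No IP rule: request issued by NetDefendOS itself"


if __name__ == "__main__":
    for who in ("firewall", "client"):
        r = plan_access("http://crl.example-ca.com/ca.crl", who)
        print(who, "->", rule_text(r), "| problem:", r.problem)
    print(plan_access("http://crl.other-ca.net/ca.crl", "client").problem)
```

Run against the distribution-point URLs taken from the certificates actually presented on the tunnel, and let the `problem` field drive the fix: an unresolved FQDN points at the DNS server configuration, while a client-originated request with a correct resolution points at a missing IP rule.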