SSL-VPN can be used only if the WinRoute host is a member of the corresponding domain (Windows NT or Active Directory). User accounts that will be used for connections to SSL-VPN must be authenticated against the domain (local authentication cannot be used). This implies that SSL-VPN cannot be used to access shared items in multiple domains or items on hosts which are not members of any domain.
The SSL-VPN interface can be enabled or disabled under Web Interface → SSL-VPN in the Configuration → Advanced Options section.
Click to open a dialog where the port and SSL certificate for SSL-VPN can be set.
The default port for SSL-VPN is 443 (the standard port of the HTTPS service).
Click to create a new certificate for the SSL-VPN service or to import a certificate issued by a trustworthy certification authority. When created, the certificate is saved as sslvpn.crt and the corresponding private key as sslvpn.key. The process of creating or importing a certificate is identical to that for WinRoute's interface or the VPN server, described in detail in chapter 11.1 Web Interface Parameters Configuration.
A certificate issued for a particular server name by a trustworthy certification authority can also be used for the Web interface and the VPN server; it is not necessary to use three different certificates.
Access to the SSL-VPN interface from the Internet must be allowed by defining a traffic rule allowing connection to the firewall's HTTPS service. For details, see chapter 7.4 Basic Traffic Rule Types.
Note: If the port for the SSL-VPN interface is changed, it is also necessary to modify the Service item in this rule!