Cp r71 Sslvpn Admin Guide


SSL VPN R71 Administration Guide
24 June 2010

More Information
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=10322
For additional technical information about Check Point, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on SSL VPN R71 Administration Guide).

© 2010 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Please refer to our Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Please refer to our Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights.

Contents

Introduction to SSL VPN
Overview of SSL VPN
SSL VPN Applications
SSL VPN Management
SSL Network Extender
SSL Network Extender Network Mode
SSL Network Extender Application Mode
Commonly Used Concepts
Authentication
Authorization
Endpoint Compliance Scanner
Secure Workspace
Protection Levels
Session
SSL VPN Security Features
Server Side Security Highlights
Client Side Security Highlights
User Workflow
Signing In
First time Installation of ActiveX and Java Components
Language Selection
Initial Setup
Accessing Applications
Getting Started with SSL VPN
Recommended Deployments
Simple Deployment
Deployment in the DMZ
Cluster Deployment
Basic SmartDashboard Configuration
The SSL VPN Wizard
Setting up the SSL VPN Portal
Managing Access to Applications
Configuring SSL VPN Policy
Applications for Clientless Access
Introduction to Applications
Protection Levels
Using Protection Levels
Defining Protection Levels
Web Applications
SSL VPN Web Applications
Web Applications of a Specific Type
Configuring Web Applications
Link Translation
Link Translation Domain
Web Application Features
File Shares
File Share Viewers
Configuring File Shares
Using the $$user Variable in File Shares
Citrix Services
Citrix Deployments Modes - Unticketed and Ticketed
Configuring Citrix Services
Web Mail Services
Web Mail Services User Experience
Incoming (IMAP) and Outgoing (SMTP) Mail Servers
Configuring Mail Services
Native Applications
DNS Names
DNS Names and Aliases
Where DNS Name Objects are Used
Defining the DNS Server used by SSL VPN
Configuring DNS Name Objects
Using the Login Name of the Currently Logged in User
Single Sign On
Supported SSO Authentication Protocol
HTTP Based SSO
Web Form Based SSO
Application and Client Support for SSO
Basic SSO Configuration
Advanced Configuration of SSO
Advanced Configuration of Web Form SSO
Kerberos Authentication Support
Introduction to Native Applications
VPN Clients
Configuring VPN Clients
Configuring SSL Network Extender Advanced Options
Endpoint Application Types
Configuring a Simple Native Application
Configuring an Advanced Native