When you enable the SSL VPN blade on a Check Point firewall, you are automatically given a 30-day trial license for 10 users.
Before you start the SSL VPN Wizard:
-Configure your firewall access rules to permit SSL VPN traffic. The actual rules needed depend on your configuration.
-A rule allowing HTTPS (TCP/443) traffic is automatically added to the rule base as an Implied Rule.
-For easier end user access, it is recommended that the Security Gateway also accept HTTP (TCP/80) traffic, so that users who omit https:// in the address still reach the portal. This is a convenience only; the portal itself is served over HTTPS.
-SSL VPN requires access to DNS servers in most scenarios, because the gateway must resolve the hostnames of the internal applications it publishes.
The SSL VPN Wizard enables you to easily configure remote access to your network, enabling users to access an internal site remotely. Alternatively, you can configure access to a Demo application.
Essentially, the Wizard guides you through the process of:
1. Creating a Web Application object
2. Creating a user group, selecting an existing user group, or selecting LDAP users or groups
3. Troubleshooting connectivity between the Security Gateway and the Web application
4. Creating an SSL VPN access rule that allows a user group to access the Web application
1. Creating a Web Application object
Configure a Web application that users will connect to remotely.
If you have an internal Web application, for example, an organizational intranet site or Microsoft Outlook Web Access, it is recommended to configure access to that site. Enter its URL and, optionally, a display name, which is how the application will appear in the portal, for example, Company Intranet.
After entering the details, you can Test connectivity between the gateway and your internal application. If the gateway cannot reach the Web application, the Wizard will list steps that you can take to enable connectivity. You can automatically accept the suggestions, making troubleshooting quick and easy. You can also choose to configure the DNS and proxy settings manually.
If you do not have an internal site, select the Demo application. The Demo application does not need any further details or connectivity tests.
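The wizard's Test connectivity step checks two things in order: that the gateway can resolve the application's hostname, and that it can reach the application's port. The following script is an added example (not Check Point code) that reproduces that check by hand, so you can run it from a host with the same DNS and routing view as the Security Gateway before or after the wizard and see which stage fails. The application URL in the block is a constructed placeholder; the function names are my own.

```python
"""Manual pre-check mirroring the SSL VPN Wizard's "Test connectivity" step.

Added example, not Check Point code. Run it from a host that shares the
Security Gateway's DNS servers and routing; a failure at the 'dns' stage
points at the gateway's DNS settings, a failure at the 'tcp' stage at
access rules, routing or a required proxy.
"""
import socket
from urllib.parse import urlsplit


def target_from_url(url):
    """Return (host, port) for a Web application URL, defaulting the port
    from the scheme (http -> 80, https -> 443) when none is given."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an http(s) URL with a host: %r" % url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def resolve(host):
    """Resolve host with the system resolver. Returns a sorted list of IPv4
    addresses, or an empty list when resolution fails (the wizard's DNS case)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_web_application(url, timeout=3.0):
    """Run the DNS check, then the TCP check, and name the first stage that
    fails. Returns a dict with 'ok', 'stage' ('dns', 'tcp' or 'done'),
    'host', 'port' and the resolved 'addresses'."""
    host, port = target_from_url(url)
    addresses = resolve(host)
    result = {"ok": False, "stage": "dns", "host": host, "port": port, "addresses": addresses}
    if not addresses:
        return result
    result["stage"] = "tcp"
    if not any(tcp_reachable(ip, port, timeout) for ip in addresses):
        return result
    result["ok"] = True
    result["stage"] = "done"
    return result


if __name__ == "__main__":
    # Constructed placeholder URL; replace it with your internal application's URL.
    result = check_web_application("https://intranet.example.com/")
    if result["ok"]:
        print("reachable:", result)
    elif result["stage"] == "dns":
        print("DNS resolution failed for %s: check the gateway's DNS servers" % result["host"])
    else:
        print("no TCP connection to %s:%d via %s: check access rules, routing or proxy"
              % (result["host"], result["port"], result["addresses"]))
```

The script uses the system resolver of the host it runs on, so run it where /etc/resolv.conf (or the Gaia DNS settings) matches what the gateway uses; it does not test an HTTP proxy, which you still configure in the wizard if the application is only reachable through one.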
2. Configure Authorized Users
Configure the user or user groups that are allowed to access the Web applications that you configured in Step 1.
Make a selection to choose which users or groups can access the configured application:
-Test user – create a test user by entering the credentials of an internal user who will be allowed to access the application.
-Users or groups from Active Directory AD.xxx.com – define users and groups from the Active Directory that is already configured to work with your environment. This option only appears if the computer running the Wizard is a member of an Active Directory domain.
-Users or groups from other Active Directory domain – define a new Active Directory domain and the account that the Security Gateway will use to validate user logins.
Configuring Users or Groups from an Active Directory
If you selected one of the Active Directory options above, enter a User name and Password that the Security Gateway can use to connect to the Active Directory and validate users' credentials. Create a dedicated account for this purpose with only the read permissions needed to look up users and groups, rather than reusing an administrator or personal account: the gateway stores and uses these credentials on every login.
Note – SSL VPN does not support Microsoft Active Directory 2000.
A new page opens in which you specify which users from the AD are authorized to access the application. In effect, you are defining a user group on the Security Gateway for the AD that you specify. Under Authorized Users select one of the following:
-Your user – allows access only to you with your AD credentials
-All users – allows access to all users defined in the Active Directory
-Specific user(s)/group(s) – manually enter AD users and user groups.
The SSL VPN Wizard is Complete
A summary tells you what you have accomplished using the First Time Wizard.
1. Click Finish to complete the Wizard.
2. Wait while the new objects are created.
3. Click OK on the Security Gateway Properties window. You must install the security policy on the Security Gateway in order for your changes to take effect.