Enable the SSL VPN Portal for an NGFW Engine

In the Engine Editor, enable the SSL VPN Portal for each NGFW Engine that provides SSL VPN Portal access.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an engine element, then select Edit <element type>.
  2. Browse to VPN > SSL VPN Portal.
    The SSL VPN Properties pane opens on the right.
  3. Click Select to select the SSL VPN Portal you want to use.
  4. (Optional) To change the SSL cryptographic algorithms used by the SSL VPN Portal, click Select next to the TLS Cryptography Suite Set field, then select a TLS Cryptography Suite Set element.
  5. Click Save and Refresh to transfer the new configuration to the engines.

Engine Editor > VPN > SSL VPN Portal

Use this branch to change settings for the SSL VPN portal on the NGFW Engine.

Option Definition
SSL VPN Portal Shows the SSL VPN Portal element that is selected for the NGFW Engine. Click Select to select an element.
Port

(Optional)

 The port for client connections to the SSL VPN Portal. The default port is 443.
Allowed SSL/TLS Versions The versions of SSL and TLS that are allowed for connections to the SSL VPN Portal.
  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2
TLS Cryptography Suite Set The cryptographic suite for TLS connections to the SSL VPN Portal. Click Select to select an element. Do not change the default setting unless you have a specific reason to do so.

TLS Cryptography Suite Set Properties dialog box

Use this dialog box to view the properties of the default TLS Cryptography Suite Set element. Advanced users can create custom TLS Cryptography Suite Set elements if they have a specific reason to do so.

Option Definition
Name Specifies the name of the element.
Comment Adds a comment to the element.
Common Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the Common section are compatible with SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS 1.2 Only Select one or more SSL cryptographic algorithms.
Note: SSL cryptographic algorithms in the TLS 1.2 Only section are only compatible with TLS 1.2.
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_DHS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384