'Configuration > Object > SSL Application': what is it for?

pista Posts: 22  Freshman Member
edited April 2021 in Security
Hi guys,

I would like to ask you more about the option 'Configuration > Object > SSL Application'. We have a Zyxel USG1100.

What is this setting for? How can I properly set it up?

Just trying to assure myself that this feature is (or is not) the one I am looking for.

I would like to know whether this configuration can be used to tell the SSL VPN solution that traffic for this kind of web service (web page) should go through the SSL VPN interface. I could then restrict some public service hosted on, e.g., 54.30.22.13 so that it allows connections from the SSL VPN range (e.g. 192.168.100.0/24).

Thanks for your replies! 

All Replies

  • Mark_Zyxel Posts: 118  Zyxel Employee
    Dear @pista

    I am not sure; I never did real testing with this option. Maybe you can share your findings.

    Here is a basic setup guide:

    How To Configure SSL VPN for Remote Access Mobile Devices

    This is an example of using the ZyWALL/USG SSL VPN for remote access mobile devices to securely connect to the File Sharing Server behind the ZyWALL/USG. 

     ZyWALL/USG SSL VPN for Secure External Access to Network Resources

    Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG1900 (Firmware Version: ZLD 4.13).

    SETUP/STEP BY STEP PROCEDURE:

    Set Up the SSL VPN Tunnel on the ZyWALL/USG

     

    1. In the ZyWALL/USG, go to CONFIGURATION > VPN > SSL VPN > Access Privilege to add an Access Policy. Configure a Name for you to identify the SSL VPN configuration.

    CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Configuration

    2. Go to Create new Object > User to add User Name (SSL_VPN_1_Users in this example) and Password (4-24 characters, zyx168 in this example), then click OK.

    CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Create new Object > User

    3. Go to Create new Object > Application to add servers that you will allow SSL_VPN_1_Users to access. Click OK.

    CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Create new Object > Application

    4. Then, move the just created address object to Selected User/Group Objects. Similarly, in SSL Application List (Optional) move the servers you want available to SSL users to Selected Application Objects.

    CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > User/Group & SSL Application

    Test the SSL VPN Tunnel

     

    1. Type the ZyWALL/USG’s WAN IP into the browser, then the login screen appears. Enter User Name and Password to be the same as your ZyWALL/USG SSL VPN Selected User/Group name and password (SSL_VPN_1_Users/zyx168 in this example). Click SSL VPN.

    2. The File Sharing server appears.

    3. Click the File Sharing folder you want to access, enter User Name/Password of your File Sharing server and click Login.

    4. Now you can securely access the files.

     


    VERIFICATION:

    What Can Go Wrong?

     

    1. If you see a [notice] or [alert] log message such as below, please check ZyWALL/USG SSL Selected User/Group Objects settings. Windows 10 users must use the same Username and Password as configured in ZyWALL/USG to establish the SSL VPN tunnel.

    2. If you uploaded a logo to show in the SSL VPN user screens but it does not display properly, check that the logo graphic is in GIF, JPG, or PNG format. The graphic should use a resolution of 103 x 29 pixels to avoid distortion when displayed. The ZyWALL/USG automatically resizes a graphic of a different resolution to 103 x 29 pixels. The file size must be 100 kilobytes or less. Transparent background is recommended.

    3. If users can log into the SSL VPN but cannot see some of the resource links, check the SSL application object’s configuration.

    4. If the ZyWALL/USG redirects the user to the user aware screen, check whether the user account is included in an SSL VPN access policy or not.

    5. Changing the HTTP/HTTPS configuration disconnects SSL VPN network extension sessions. Users need to re-connect if this happens.


