The Ssl Vpn Client Statistics - D-Link NetDefendOS User Manual

SSL VPN Client Operation
Whenever the SSL VPN client application runs, the following happens:
• A route is added to the Windows routing table. This route is equivalent to a NetDefendOS
default all-nets route.
• The added default route directs all traffic from the Windows client through the SSL tunnel.
When the Windows SSL VPN client application ends, the SSL tunnel is closed and the default
route in the Windows routing table is removed, returning the routing table to its original
state.
• An SSL connection is made to the configured Ethernet interface on a NetDefend Firewall and
the next available IP address is handed out to the client from the associated SSL VPN object's
IP pool.
In addition, a single route for the client is added to the NetDefendOS routing table. This route
maps the handed out client IP address to the associated SSL VPN interface.
• Traffic can now flow between the client and the firewall, subject to NetDefendOS IP rules.
Specifying IP Rules for Traffic Flow
No IP rules need to be specified for the setup of an SSL VPN tunnel itself, provided that the
advanced setting SSLVPNBeforeRules is enabled. However, appropriate IP rules need to be
specified by the administrator to allow traffic to flow through the tunnel.
Since SSL VPN connections originate from the client side, the SSL VPN interface object should be
the source interface of the IP rule and the source network should be the range of possible IP
addresses that the clients can be given. Specifying the source network as all-nets would of course
work but it always more secure to use the narrowest possible IP address range.
For more information about specifying IP rules see Section 3.6, "IP Rules and IP Policies".
Client Cleanup
Should the SSL VPN client application terminate prematurely for some reason, the Windows
Figure 9.7. The SSL VPN Client Statistics
758
Chapter 9: VPN