Stormshield SN series Configuration Manual page 336

Enter a name for this server. (The field can be left empty. Allowed characters: numbers, letters,
spaces, -, _, and dots.)
This server's configuration then appears. The different parameters are explained below.
Destination server
Port
URL: access path
URL used by SSL VPN Link calculated based on 3 fields: Destination server, Port and URL: access path.
Name of the link on
the user portal
Advanced properties
Enable URL whitelist
Don't show this server
on the user portal
(access via another
server only)
Deactivate NTLM
Page 336/448
The object corresponding to the server accessible to the user can be specified in this
field.
Warning
Make sure that you use an object whose name is identical to the FQDN name of
the server it refers to. If this is not the case, (e.g. object name: webmail, FQDN
name: www.webmail.com), Firewall queries to this server may be refused.
The port on the server accessible to the user can be specified in this field. Port 80 is
defined for HTTP.
This URL enables going directly to the specified page.
(Example: http://destination server/URL: access path).
The defined link appears on the Stormshield Network web portal. When the user clicks
on this link, he will be redirected to the corresponding server.
Only links that the SSL VPN module has rewritten can be accessed through SSL VPN. If,
on an authorized site, there is a link to an external website whose server has not been
defined in SSL VPN configuration, the authorized site will not be accessible via SSL
VPN.
If the white list has been activated, it will enable access to URLs which have not been
rewritten through the field Do not rewrite URLs in the category. For example, for
webmail SSL VPN access, if you wish to allow users to quit the SSL VPN by clicking on
the links contained in their e-mails, you need to add a whitelist containing "*".
Warning
If the user clicks on a link in the whitelist, it will no longer be protected by the
Stormshield Network SSL VPN module.
All servers configured in SSL VPN are listed on the Stormshield Network authentication
portal by default. However, it may be necessary for servers to be accessible only
through another server, so in this case, the option Don't show this server on the user
portal has to be selected. When this option is selected during the configuration of a
server, this server can be accessed via SSL VPN, but will not be on the direct-access
list. A link to this server is needed in order to access it. An application can use several
servers but have only one entry point, so only one link in the menu of the portal.
Some web servers may request authentication before the transfer of data between
the server and the user. This method can be disabled for servers that do not support
this authentication method for traffic passing through the firewall.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SSL VPN PORTAL