HPE FlexNetwork MSR Series Configuration Manual page 413

Table 180 Configuration items
Item
Enable security
check
Use verification
code
Enable separate
client
Enable MAC
address binding
Enable automatic
login
User Timeout
Default
Authentication
Method
Certificate's
Username Field
Verify Code Timeout
Description
Select this item to enable security check.
With security check enabled, the SSL VPN system checks a user host based on the
security policy and determines whether to allow the user to access resources
according to the check result.
IMPORTANT:
To implement user host security check, you must also configure the security policy.
"Configuring a security
See
Select this item to use verification codes.
After you select this item, users must enter the correct verification codes to log in to
the SSL VPN system.
Select this item to enable the separate client function.
After a user logs in to SSL VPN, the SSL VPN client automatically runs. With
separate client enabled, the system automatically closes the SSL VPN Web
interface, leaving the client software running alone.
Select this item to enable MAC address binding.
With MAC address binding enabled, the SSL VPN system obtains the MAC address
of a user when the user logs in, for user identity authentication or MAC address
learning.
Select this item to enable automatic login.
With automatic login enabled, when a user enters the SSL VPN login page, the
system will automatically log the user in by using the guest account or the certificate
account, depending on the authentication mode specified in the default
authentication method.
•
When the authentication mode is password, the system uses the guest account
for automatic login.
•
When the authentication mode is certificate, the system uses the username
carried in the client certificate for automatic login.
•
When the authentication mode is password+certificate, the system uses the
guest account for automatic login and requires that the user have the client
certificate for the guest account.
Set an idle timeout for users.
If a login user does not perform any operation during this period, the system logs out
the user.
Select the default authentication method used on the SSL VPN login page.
IMPORTANT:
To specify an authentication method other than local authentication as the default
authentication method, you must also enable the authentication method (see
"Configuring authentication
Select the certificate field to be used as the username when the authentication mode
is certificate. Options include the Common-Name filed and the Email-Address
field.
Set a timeout for the verification code displayed on the SSL VPN login page. If a user
does not enter the displayed verification code in this period, the verification code
becomes invalid. The user can refresh the login page to get a new verification code.
59
policy."
policies").