Sunday, November 24, 2024
Alternative Way
  • Home
  • Latest
    • Latest
  • News
  • World Tech
  • World Gaming
  • Minecraft
  • Guides
  • Contact Us
  • About The Team
    • Privacy Policy
    • Terms of Use
No Result
View All Result
  • Home
  • Latest
    • Latest
  • News
  • World Tech
  • World Gaming
  • Minecraft
  • Guides
  • Contact Us
  • About The Team
    • Privacy Policy
    • Terms of Use
No Result
View All Result
Alternative Way
No Result
View All Result

Instructions for configuring SSL VPN Remote Access with users synced from AD –

Gordon James by Gordon James
October 3, 2021
in World Tech Code
0 0
0
Home World Tech Code

The information provided below will assist you in configuring a split tunnel VPN server, which will allow access to your AD Users, and allow them to access the internet from their devices.

There are several benefits to using a Virtual Private Network (VPN) for remote access to a computer. One of the best is that a VPN allows users to connect to the network from almost any location they can connect to the internet. When a VPN is used for remote access of a computer this gives users the freedom to access computing resources from anywhere and from any system they have access to.

Follow this step-by-step guide to setup a remote access client to take over your network. If you want to implement a VPN (Virtual Private Network) on your home or small office network, you will need a client, which is a piece of software that allows you to connect to the VPN over the Internet. The steps in this guide explains how to install and configure the client.. Read more about sophos ssl vpn configuration and let us know what you think.

Instructions for configuring SSL VPN Remote Access with users synced from AD –

Table of Contents

Toggle
  • The Article’s Goal
  • 2.diagram
  • 3.scenario
  • 4.adoption procedure
  • 5.Configuration
      • AD Sync
      • 5.2.Add OE to the group
      • 5.3. Configuration of an SSL VPN
      • Subnet profiling for LAN and VPN
      • 5.5.SSL VPN Remote Access Profile Configuration
      • 5.6.On the WAN port, start the user portal and the SSL VPN service.
      • Developing a policy
      • 5.8.Result
    • OTHER THINGS YOU MIGHT BE INTERESTED IN
    • Related Tags

The Article’s Goal

Techbast describes how to set up SSL VPN remote access so that users with accounts synchronized from Active Directory can access a remote system.

2.diagram

word-image-10021

Details:

  • With a WAN IP of 192.168.1.50, the Sophos Firewall device was connected to the Internet through port 2.
  • The Palo Alto appliance’s LAN area is set with IP 10.145.41.1/24 on port 1 and a DHCP subnet of 10.145.41.0/24.
  • On the local network, there is also an AD server with the IP 10.145.41.11/24, on which an IT-OU is formed, the IT-OU has a support group, and the support group contains user1, user2, and user3.
  • We’ll use a PC that isn’t connected to the Internet to set up an SSL VPN connection for remote access.

3.scenario

On the Sophos Firewall appliance, we set up SSL VPN remote access. We utilize an AD user to log in after configuration, and when he signs in, he obtains an IP address in the range of 10.81.234.5-10.81.234.55, as well as access to the LAN subnet resources.

4.adoption procedure

  • AD-Sync
  • Adding a new OU to a group
  • Configure SSL VPN Configuration
  • LAN and VPN Subnets: Creating a Profile
  • For remote access, you’ll need to set up an SSL VPN access profile.
  • On the WAN port, start the user portal and the SSL VPN service.
  • Create a policy.
  • Result

5.Configuration

AD Sync

The first step is to connect the Active Directory to the Sophos Firewall.

To synchronize, go to CONFIG > Authentication > Server > click Add.

Configure the parameters as follows:

  • Select Active Directory as the server type.
  • LearningIT, LearningIT, LearningIT, LearningIT, LearningIT, LearningIT, LearningIT,
  • 10.145.41.11 is the server’s IP address and domain name.
  • Connection security: Choose the simple text option.
  • 389-389-389-389-389-389-389-389-389-389-3
  • LEARNINGIT is a NetBIOS domain.
  • Director is the ADS* user name.
  • Password* : Enter the administrator’s password.
  • Leave the display name blank.
  • Reference e-mail address: mail
  • *Learnit.xyz is a domain name.
  • Research by Marie Curie* : Click Add, then type dc=learningit,dc=xyz, then OK.
  • To test the connection to the AD server, click the Test Connection button.
  • Save your work by pressing the Save button.

word-image-10022

5.2.Add OE to the group

We must import OUs and groups from AD after a successful AD sync.

To start the import, click the icon as shown in the image.

word-image-10023

When the group import wizard’s help window appears, click Start.

word-image-10024

In the first stage, choose dc=learningit,dc=xyz from the drop down menu for the group’s base DN.

word-image-10025

Step 2: Selecting AD Groups to Import displays the current OUs and groups in AD; in this case, techbast selects the Support group from the IT OU, as indicated.

word-image-10026

Press the > button to continue.

word-image-10027

Press the > button to continue.

word-image-10028

Press the > key and press OK to continue.

word-image-10030

To close the window, click Close.

word-image-10031

After the import, we can check under CONFIGURATION > Authentication > Group whether the group has been imported.

The support group was established as a result of this.

word-image-10032

To have the firewall device authenticate users from AD, you must go to CONFIGURATION > Authentication > Service.

Only local accounts are now authenticated on the firewall, according to the Firewall Authentication Methods section.

We’ll highlight the LearningIT field, which is the server we just synced, and drag it to Local on the right.

To save, click Apply.

word-image-10033

5.3. Configuration of an SSL VPN

To configure the SSL VPN setting, go to CONFIG > VPN > view VPN settings > SSL VPN.

The IP lease range section and the Override hostname section are both empty.

We enter 192.168.1.50 as the Sophos XG’s WAN IP in the Override hostname box; this is the IP that will be used to establish the SSL VPN connection to the outside environment.

The IP location range is the set of IP addresses given to users who connect to the SSL VPN securely. We’ll leave this area alone for now, but based on your preferences, you can alter it to a different IP address range during setting.

To save, click Apply.

word-image-10034

Subnet profiling for LAN and VPN

To create, go to SYSTEM > Hosts and Servers > click on Add.

Create a profile with the following settings at the LAN level:

  • Local Name* :
  • Version of IP*: IPv4
  • Network Type*
  • – Subnet: /24 – IP address*: 10.145.41.0 [255.255.255.0]
  • Save your work by pressing the Save button.

word-image-10035

Similarly, for the SSL VPN subnet, we’ll establish a profile with the following settings:

  • SLL VPN remote access (name*)
  • Version of IP*: IPv4
  • Select an IP address range by typing *.
  • 10.81.234.5 – 10.81.234.55 IP address*
  • Save your work by pressing the Save button.

word-image-10036

5.5.SSL VPN Remote Access Profile Configuration

To configure, go to CONFIG > VPN > SSL VPN [Remote Access] > Click Add.

Configure the parameters as follows:

  • Remote access with SSL VPN (name*)
  • Members of the Policy Committee: Select the individual or group to whom you want to allow VPN access, and then the Support group.
  • Allowable network resources [IPv4]: Select the IP, subnet, or range of IP addresses that the VPN connection can access when connected to SSL VPN. Here, select the newly established local profile.
  • Apply should be selected.

word-image-10037

5.6.On the WAN port, start the user portal and the SSL VPN service.

We need to open both of these services on the WAN port of the Sophos device to allow users from outside the Internet to access the user portal and download the VPN software and connect to an SSL VPN.

To access it, go to SYSTEM > Administration > Device Access.

The two services User Portal and SSL VPN are selected in the WAN line.

Then, to connect, click the Apply button.

word-image-10038

Developing a policy

The SSL VPN cannot connect to the local network when the user connects it to the system.

A policy that enables traffic between LAN and VPN zones is required.

To create a policy, go to PROTECT > Rules and Policies > click Add Firewall Rule > New Firewall.

Make in accordance with the following guidelines:

  • The rule is now in effect.
  • SSL VPN is the line’s name.
  • CV is an action.
  • Firewall traffic should be recorded: Please check the box.
  • This is the proper stance: Top
  • No, there isn’t a regulatory group.
  • Select LAN and VPN as source areas*.
  • Select two profiles, Local Remote Access and SSL VPN, for your networks and source devices*.
  • Choose All Period at the scheduled time.
  • Select LAN and VPN as target areas*.
  • Select two remote and local SSL VPN access profiles as target networks*.
  • Select a service* from the list below.
  • Check to see if the users are familiar with the game.
  • Users or Groups* in the table: Choose a support group. (This policy can only be used by members of this group when connecting to an SSL VPN.)
  • Save by clicking the Save button.

word-image-10039

5.8.Result

Once the installation is complete, create an SSL VPN connection from a machine that is not connected to the Internet.

To begin, go to the user portal and download the program as well as the SSL VPN profile.

Go to https://192.168.1.50 to enter the user portal.

We log in with an account and password after acquiring access.

is used to link user1 to AD, which is synchronized.

word-image-10040

We click Download VPN and Client after logging in and setup Windows to download the program.

word-image-10041

Then, as described below, install the SSL VPN remote access program.

word-image-10047

The application will display on the taskbar in the bottom right corner of the screen once the installation is complete.

Connect by right-clicking on the traffic light icon.

word-image-10048

Enter your user1 account and password in the login window and click OK.

word-image-10049

When the connection is made, a notice similar to the one below appears.

The connection was successful, and the allocated IP address is 10.81.234.6, which matches the IP address distribution range we set up at the start.

word-image-10050

Finally, test the LAN connection by pinging the AD server.

word-image-10051

OTHER THINGS YOU MIGHT BE INTERESTED IN

I recently had to do a lot of work to our remote access solution and have decided to document it for others. First off, I am going to cover the basic overview of remote access and configuration. You can find more on this in the Office 365 Remote Access Architectural Reference  article. I will also cover how to configure VPN for users in Active Directory.. Read more about ssl vpn user authentication and let us know what you think.

Related Tags

This article broadly covered the following related topics:

  • ssl vpn user portal
  • sophos ssl vpn client not connecting
  • ssl vpn user authentication
  • sophos ssl vpn client login
  • sophos ssl vpn config file download
Total
0
Shares
Share 0
Tweet 0
Pin it 0
Share 0
ShareTweet
Gordon James

Gordon James

Next Post
🥇 Request Donations from Facebook Live  Step by Step Guide ▷ 2021

🥇 Request Donations from Facebook Live  Step by Step Guide ▷ 2021

There's always an alternative Way!
Find us at 4145 Zolynthian Street, Vylorthos, QP 78425
No Result
View All Result
  • Home
  • Latest
    • Latest
  • News
  • World Tech
  • World Gaming
  • Minecraft
  • Guides
  • Contact Us
  • About The Team
    • Privacy Policy
    • Terms of Use

© 2022 - Alternative Way

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • Travel News

© 2024 JNews - Premium WordPress news & magazine theme by Jegtheme.