The ssl vpn client statistics – Amer Networks E5Web GUI User Manual

Figure 9.7. The SSL VPN Client Statistics

SSL VPN Client Operation

Whenever the SSL VPN client application runs, the following happens:

•

A route is added to the Windows routing table. This route is equivalent to a cOS Core default
all-nets route.

•

The added default route directs all traffic from the Windows client through the SSL tunnel.

When the Windows SSL VPN client application ends, the SSL tunnel is closed and the default
route in the Windows routing table is removed, returning the routing table to its original
state.

•

An SSL connection is made to the configured Ethernet interface on a Clavister Security
Gateway and the next available IP address is handed out to the client from the associated SSL
VPN object's IP pool.

In addition, a single route for the client is added to the cOS Core routing table. This route
maps the handed out client IP address to the associated SSL VPN interface.

•

Traffic can now flow between the client and the security gateway, subject to cOS Core IP
rules.

Specifying IP Rules for Traffic Flow

No IP rules need to be specified for the setup of an SSL VPN tunnel itself, provided that the
advanced setting SSLVPNBeforeRules is enabled. However, appropriate IP rules need to be
specified by the administrator to allow traffic to flow through the tunnel.

Since SSL VPN connections originate from the client side, the SSL VPN interface object should be
the source interface of the IP rule and the source network should be the range of possible IP
addresses that the clients can be given. Specifying the source network as all-nets would of course
work but it always more secure to use the narrowest possible IP address range.

For more information about specifying IP rules see Section 3.6, “IP Rules and IP Policies”.

Client Cleanup

Chapter 9: VPN

642