H3C Technologies H3C MSR 50 User Manual
Page 447
62
Table 182 Configuration items
Item Description
Enable security check
Select this item to enable security check.
With security check enabled, the SSL VPN system checks a user host based on the
security policy and determines whether to allow the user to access resources according
to the check result.
IMPORTANT:
To implement user host security check, you must also configure the security policy. See
"
Use verification code
Select this item to use verification codes.
After you select this item, users must enter the correct verification codes to log in to the
SSL VPN system.
Enable separate
client
Select this item to enable the separate client function.
After a user logs in to SSL VPN, the SSL VPN client automatically runs. With separate
client enabled, the system automatically closes the SSL VPN Web interface, leaving the
client software running alone.
Enable MAC address
binding
Select this item to enable MAC address binding.
With MAC address binding enabled, the SSL VPN system obtains the MAC address of
a user when the user logs in, for user identity authentication or MAC address learning.
Enable automatic
login
Select this item to enable automatic login.
With automatic login enabled, when a user enters the SSL VPN login page, the system
will automatically log the user in by using the guest account or the certificate account,
depending on the authentication mode specified in the default authentication method.
•
When the authentication mode is password, the system uses the guest account for
automatic login.
•
When the authentication mode is certificate, the system uses the username carried in
the client certificate for automatic login.
•
When the authentication mode is password+certificate, the system uses the guest
account for automatic login and requires that the user have the client certificate for
the guest account.
User Timeout
Set an idle timeout for users.
If a login user does not perform any operation during this period, the system logs out
the user.
Default
Authentication
Method
Select the default authentication method used on the SSL VPN login page.
IMPORTANT:
To specify an authentication method other than local authentication as the default
authentication method, you must also enable the authentication method (see
"
Configuring authentication policies
").
Certificate's
Username Field
Select the certificate field to be used as the username when the authentication mode is
certificate. Options include the Common-Name filed and the Email-Address field.
Verify Code Timeout
Set a timeout for the verification code displayed on the SSL VPN login page. If a user
does not enter the displayed verification code in this period, the verification code
becomes invalid. The user can refresh the login page to get a new verification code.