Sophos UTM
Remote Access via IPsec
Configuring Remote Client
Product version: 9.300
Document date: Tuesday, October 14, 2014
The specifications and information in this document are subject to change without notice.
Companies, names, and data used in examples herein are fictitious unless otherwise noted.
This document may not be copied or distributed by any means, in whole or in part, for any reason, without the express written permission of Sophos Limited. Translations of this original manual must be marked as follows: "Translation of the original manual".
© 2014 Sophos Limited. All rights reserved.
http://www.sophos.com
Sophos UTM, Sophos UTM Manager, Astaro Security Gateway, Astaro Command Center, Sophos Gateway Manager, Sophos iView Setup and WebAdmin are trademarks of Sophos Limited. Cisco is a registered trademark of Cisco Systems Inc. iOS is a trademark of Apple Inc. Linux is a trademark of Linus Torvalds. All further trademarks are the property of their respective owners.
Limited Warranty
No guarantee is given for the correctness of the information contained in this document.
Please send any comments or corrections to [email protected].
Contents
1 Introduction 4
2 Getting Software and Certificates 5
3 Configuring the Sophos IPsec Client 7
4 Connecting to the VPN 9
5 Disconnecting from the VPN 10
1 Introduction
To access the UTM via IPsec VPN, you need to configure your remote computer. To do so, open the UTM User Portal in a browser on the remote client. There, the installation instructions, the Sophos IPsec Client software and the configuration files are available for download. Then install the software and configure it.
4 UTM 9 – Remote Access via IPsec
2 Getting Software and Certificates
The UTM User Portal is available to all remote access users. From this portal, you can download guides and tools for configuring your client. Obtain the following from your system administrator: the IP address of the User Portal, your username, and your password.
For IPsec remote access with X.509 certificate authentication in particular, the User Portal provides the Sophos IPsec Client software, the configuration file, and the necessary keys.
1. Start your browser and open the User Portal.
Start your browser and enter the address of the User Portal as follows:
https://IP address (example: https://218.93.117.220).
A security warning is displayed. Typically this is because the User Portal presents a certificate issued by the UTM's own certificate authority, which your browser does not trust by default. Before accepting it, compare the certificate fingerprint shown in the browser's certificate viewer with the fingerprint your administrator gave you. The portal receives your password and serves your VPN private key, so do not proceed on a certificate you cannot verify.
Accept the security note. Depending on the browser, click I Understand the Risks > Add Exception > Confirm Security Exception (Mozilla Firefox), Proceed Anyway (Google Chrome), or Continue to this website (Microsoft Internet Explorer).
2. Log in to the User Portal.
Enter your credentials:
Username: Your username, which you received from the administrator.
Password: Your password, which you received from the administrator. Please note that passwords are case-sensitive.
Click Login.
3. On the Remote Access page, download the tools and/or configuration guide for setting up your remote access connection.
This page can contain up to five sections, depending on the remote access connection types (IPsec, SSL, L2TP, PPTP, iOS devices) your administrator enabled for you.
At the top of most of the sections you find a help icon which opens the respective remote access guide.
The IPsec VPN section contains the executable client software, configuration file, and certificate (if selected) for the remote access client.
In the Export password field, enter a password to protect the PKCS#12 container before downloading the certificate. The container holds your private key, so choose a strong password and do not store it together with the file. You will need this password later: the Sophos IPsec Client asks for it as the PIN when you first connect.
Start the download processes by clicking the respective Download button. Download all files and store them in a location of your choice. You will need all those files later on when installing and configuring the Sophos IPsec Client.
4. Close the User Portal session by clicking Log out.
The rest of the configuration takes place on the Sophos IPsec Client.
Note – The Sophos IPsec Client runs on Windows XP, Vista, and 7.
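Before importing the downloaded PKCS#12 container, it is worth checking from the command line that the export password unlocks it, that it actually contains your client certificate, and that the certificate has not expired. The script below is an added example; it is not part of the Sophos manual or of the Sophos IPsec Client. It relies on the OpenSSL command-line tool, and the file name user.p12 and the password are placeholders. The make_sample_p12 function builds a throwaway self-signed certificate (constructed test data) so the check can be tried without a UTM.

```shell
#!/bin/sh
# Added example, not from the Sophos manual: sanity-check a PKCS#12 container
# before importing it into the Sophos IPsec Client. Needs the openssl CLI.

# check_p12 FILE PASSWORD
# Unlocks FILE with PASSWORD, prints subject, issuer, validity period and
# SHA-256 fingerprint of the client certificate, and returns non-zero if the
# password is wrong or the certificate expires within the next 24 hours.
check_p12() {
    p12="$1"
    pass="$2"
    # -clcerts -nokeys extracts only the client certificate. The MAC check
    # fails (openssl exits non-zero) when the export password is wrong.
    cert=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null) || {
        echo "cannot open $p12: wrong export password or damaged file" >&2
        return 1
    }
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256 || return 1
    # -checkend N fails if the certificate will be expired N seconds from now.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 86400 >/dev/null || {
        echo "certificate is expired or expires within 24 hours" >&2
        return 2
    }
}

# make_sample_p12 FILE PASSWORD
# Creates a throwaway self-signed certificate and key (constructed test data
# standing in for the files the User Portal would generate) and packs them
# into a PKCS#12 container protected by PASSWORD.
make_sample_p12() {
    out="$1"
    pass="$2"
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=vpnuser/O=Example" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$dir/cert.pem" -inkey "$dir/key.pem" \
        -name "vpnuser" -out "$out" -passout "pass:$pass" 2>/dev/null || return 1
    rm -rf "$dir"
}

# Usage with placeholder values (the real file comes from the User Portal):
#   make_sample_p12 user.p12 'Export-Password-1'
#   check_p12 user.p12 'Export-Password-1'
```

The printed issuer should be the UTM's VPN signing CA and the subject should identify you; a container whose password you did not set yourself should not be imported. With OpenSSL 3, containers produced by older software may be encrypted with RC2 or 40-bit algorithms that the default provider no longer supports; add the -legacy option to the openssl pkcs12 command in that case.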
3 Configuring the Sophos IPsec Client
First start the Sophos IPsec Client installation by double-clicking the downloaded exe file and follow the steps of the installation wizard. The client is a separate product and has its own documentation. You can use the 30-day trial licence immediately or activate the software with a purchased licence key.
After installation, in order to configure the Sophos IPsec Client, proceed as follows:
1. Import the user’s configuration file.
The profile settings in the INI file have to be imported into the Sophos IPsec Client. In the Profile dialog box, click Add/Import. The New Profile Wizard appears. Follow the steps of the wizard to import the user's configuration file.
2. Import the PKCS#12 file.
Open the Configuration > Certificates menu of the Sophos IPsec Client. Click Add. Enter a Name, and as Certificate select from PKCS#12 File. Then click the button next to PKCS#12 Filename. Browse for the user's PKCS#12 file and select it.
Store the key by clicking OK and close the dialog box.
3. Assign the certificate to the user.
Open the Configuration > Profiles menu of the Sophos IPsec Client. In the Profile dialog box, select the imported profile and click Edit. On the left, select the Identities entry. From the Certificate configuration drop-down list, select the previously imported certificate.
Click OK.
4 Connecting to the VPN
In the Sophos IPsec Client, click the Connection button.
If the connection is established successfully, you will see a green bar and the message Connection established, as displayed in the figure. Additionally, the tray icon of the Sophos IPsec Client switches from red to green.
If X.509 was chosen as the authentication method, a PIN dialog opens when you connect to the VPN. Enter the export password you set when downloading the PKCS#12 container from the User Portal.
The Sophos IPsec Client caches the PIN. During normal operation (connect/disconnect) you therefore only need to enter it once; only after a restart of your computer do you have to enter it again. While the PIN is cached, anyone with access to your unlocked Windows session can establish the VPN connection, so lock the screen when you leave the computer.
Alternatively, you can connect from the Sophos IPsec Client tray icon menu. Right-click the icon and select Connect from the context menu.
5 Disconnecting from the VPN
To disconnect from the VPN, click the Disconnect button.
Alternatively, you can disconnect from the Sophos IPsec Client tray icon menu. Right-click the icon and select Disconnect from the context menu.
Note – The client includes an inactivity timeout. By default, Inactivity Timeout is set to 0, which means the Sophos IPsec Client never closes the VPN connection because of inactivity. To change this, edit your profile under Configuration > Profile Settings, go to the Line Management section, and enter a value in Inactivity Timeout; the connection is then terminated if no data is transmitted for that period.