NGAF:SSLVPN Guide

From SangforWiki
Jump to: navigation, search

Background:

Ngaf sslvpn 01.1.png

    One customer has a Sangfor NGAF, They want staffs in outside on business can use NGAF SSL VPN access to intranet and then visit server.

 

Configuration:

NGAF configuration:

1. Chose deployment and enable SSL VPN service

NGAF support Gateway and Single-Arm

Ngaf sslvpn 01.2.png

(Only support from WAN interface login SSL and access LAN interface, Support gateway and single-arm mode )

2. Create User group and user

(not support LDAP ,but user can bind PC hardware ID)

Ngaf sslvpn 01.3.png

3. Add resources

(Only support TCP app, Can't test by PING )

Ngaf sslvpn 01.4.png

4. Add role bind resources to user

Ngaf sslvpn 01.5.png

5. Set login options (default https login port is 4430)

We can also enable webagent for dynamic IP assgnment.

Ngaf sslvpn 01.6.png

Client:

1. Use https://AFIP:4430 to login SSL VPN

Ngaf sslvpn 01.7.png

2. After login we can see the resources

Ngaf sslvpn 01.8.png