< Home

(Optional) Configuring Public Parameters of Multiple Virtual Gateways

Before using the public IP address sharing function among virtual gateways in different virtual systems, you must configure public parameters in the root system.

  1. Choose Network > SSL VPN > Public Configuration.
  2. Configure basic parameters of Public Configuration. The following table lists the parameters.

    Public parameters can only be configured in the root system.

    Parameter

    Description

    Public IP

    Shared public IP address

    Public Domain

    Shared public domain name

    SSL Version

    Shared SSL version. At least one SSL version must be selected. SSL versions include:

    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
    NOTE:

    TLS 1.0 and TLS 1.1 have security risks. TLS 1.2 and higher versions are recommended.

    Public Key Algorithm

    Shared public key algorithm. You can select RSA or SM2 as the shared public key algorithm.

    Local Certificate

    Set this parameter only when the public key algorithm is RSA.

    This is the shared local certificate. You can select one option from the drop-down list:

    • Use the default certificate.
    • Import a local certificate.
    • Select a certificate that has been imported.

    The local certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the local certificate to the client. The CN field value of Local Certificate must be the same as the public IP address or public domain name.

    Signature Certificate

    Set this parameter only when the public key algorithm is SM2.

    This is the shared signature certificate. You can select one option from the drop-down list:

    • Use the default certificate.
    • Import a signature certificate.
    • Select a signature certificate that has been imported.

    The signature certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the signature certificate to the client. The CN field value of Signature Certificate must be the same as the public IP address or public domain name.

    Encryption Certificate

    Set this parameter only when the public key algorithm is SM2.

    This is the shared encryption certificate. You can select one option from the drop-down list:

    • Use the default certificate.
    • Import an encryption certificate.
    • Select an encryption certificate that has been imported.

    The encryption certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the encryption certificate to the client. The CN field value of Encryption Certificate must be the same as the public IP address or public domain name.

    Encryption Suite

    Shared cipher suite. At least one cipher suite must be selected.

    When the public key algorithm is set to SM2, the device can use only 128-bit SM4 encryption with SM2 and an SM3 MAC as the shared cipher suite.
  3. Click Apply.
Parent Topic: Configuring Multiple Virtual Gateways
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >