When creating a virtual gateway, you must set SSL parameters, so that users can establish SSL connections using the configured SSL parameters.

| Parameter | Description |
|---|---|
| SSL Version | SSL version of the virtual gateway. When the virtual gateway shares a public IP address, this parameter is not configurable. By default, the SSL version in the public configuration is used. |
| Public Key Algorithm | Public key algorithm of the virtual gateway. You can select RSA or SM2 as the public key algorithm of the virtual gateway. When the virtual gateway is a shared virtual gateway with the shared public IP address, this parameter cannot be set. By default, the public key algorithm in the public configuration is used. |
| Local Certificate | Set this parameter only when the public key algorithm is RSA. This is the local certificate of the virtual gateway. You can select one option from the drop-down list. The local certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the local certificate to the client. The value of the CN field in Local Certificate must be the same as the virtual gateway address or domain name. When the virtual gateway is a shared virtual gateway with the shared public IP address, the local certificate in the public configuration is used by default. |
| Signature Certificate | Set this parameter only when the public key algorithm is SM2. This is the signature certificate of the virtual gateway. You can select one option from the drop-down list. The signature certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the signature certificate to the client. The value of the CN field in Signature Certificate must be the same as the virtual gateway address or domain name. When the virtual gateway is a shared virtual gateway with the shared public IP address, the signature certificate in the public configuration is used by default. |
| Encryption Certificate | Set this parameter only when the public key algorithm is SM2. This is the encryption certificate of the virtual gateway. You can select one option from the drop-down list. The encryption certificate is used for certificate authentication. When an SSL connection is set up between a client and a virtual gateway, the virtual gateway sends the encryption certificate to the client. The value of the CN field in Encryption Certificate must be the same as the virtual gateway address or domain name. When the virtual gateway is a shared virtual gateway with the shared public IP address, the encryption certificate in the public configuration is used by default. |
| Encryption Suite | Cipher suite of the virtual gateway. When the public key algorithm is set to SM2, the device can use only 128-bit SM4 encryption with SM2 and an SM3 MAC as the shared cipher suite. When the virtual gateway shares a public IP address, this parameter is not configurable. By default, the cipher suite in the public configuration is used. |
| Session Timeout | Session timeout duration. If the session of a user remains idle for more than the specified period of time (timeout), the session is automatically terminated and the SSL VPN login page is displayed. NOTE: After the keepalive function of network extension is enabled, the SSL VPN gateway does not automatically log out even if no operation is performed within the session timeout period. |
| Unrestricted Lifecycle | A user is constantly online after login. The maximum online duration is not limited. |
| Lifecycle | Maximum online duration of a user after login. |
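
The Local, Signature and Encryption Certificate rows all require the certificate's CN to be the same as the virtual gateway address or domain name. The following pre-deployment check is an added example, not part of the product or its documentation. It assumes the subject has already been parsed into the layout Python's `ssl.SSLSocket.getpeercert()` returns, treats "the same as" as an exact match after normalisation (so a wildcard CN is a mismatch), and uses constructed certificate names and addresses.

```python
import ipaddress

# Constructed sample subjects, in the tuple-of-RDNs layout that Python's
# ssl.SSLSocket.getpeercert() returns under the "subject" key.
CANDIDATES = {
    "gw-host-cert": ((("organizationName", "Example Corp"),),
                     (("commonName", "VPN.Example.com"),)),
    "gw-ip-cert": ((("commonName", "2001:0db8:0:0:0:0:0:1"),),),
    "wildcard-cert": ((("commonName", "*.example.com"),),),
    "no-cn-cert": ((("organizationName", "Example Corp"),),),
}


def common_names(subject):
    """Collect every commonName value from a getpeercert()-style subject."""
    return [value for rdn in subject for key, value in rdn if key == "commonName"]


def normalize(address):
    """Canonicalise an IP literal; lowercase a host name and drop a trailing dot."""
    text = address.strip().strip("[]")
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return text.rstrip(".").lower()


def cn_matches_gateway(subject, gateway_address):
    """True if a CN equals the gateway address or domain name.

    Assumption: "the same as" means an exact match after normalisation, so a
    wildcard CN is reported as a mismatch.
    """
    target = normalize(gateway_address)
    return any(normalize(cn) == target for cn in common_names(subject))


def usable_certificates(candidates, gateway_address):
    """Names of candidate certificates whose CN fits this gateway address."""
    return sorted(name for name, subject in candidates.items()
                  if cn_matches_gateway(subject, gateway_address))


if __name__ == "__main__":
    for gateway in ("vpn.example.com", "2001:db8::1"):
        print(gateway, "->", usable_certificates(CANDIDATES, gateway))
```

Running the check before selecting a certificate from the drop-down list catches a CN mismatch that would otherwise surface as a certificate warning on the client at connection time.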