Mettle Knowledge
Search:     Advanced search
Browse by category:

Configuring Client-less SSL VPN

Views: 3913
Votes: 0
Posted: 17 Apr, 2013
by: Knowledge M.
Updated: 18 Apr, 2013
by: Knowledge M.

Mettle SE WebGUI has to be reconfigured to use any other port than 443.
You should have Internet connection configured in Mettle SE.
Server certificate configured in Mettle SE
External Authentication Servers configured in Mettle SE (optional)

Configuring Clientless SSL VPN

Go to Connectivity >> Clientless SSL VPN

Make sure that Enable box is checked.

Select the Interfaces you want the Clientless SSL VPN to accept connections. In most cases this will be WAN

Select the Authentication Server to use. If you have configured external authentication servers in Mettle SE it will be listed here.

Select the Server Certificate to use.

Click on Save button.

Define Resources

Next step is defining network resources that remote users wants to access through the VPN.

Click on Resources on the left menu.

Click on Add New Resource button

Enter Name to identify this resource. The name should be unique.

Select the Protocol

Enter Host. You can optionally specify port number along with host as hostname:port. (eg:

Enter Path if applicable. If your application is accessed by specifying a path enter it here. (eg: For you should enter Path as  /app/)

DNS: You can optionally specify a domain name here. This will be the DNS name that remote users will be using to access this resource. This domain name should resolve to Mettle SE's interface IP where Clientless SSL VPN is configured to accept connections. Note: Mettle Networks strongly recommends configuring resources by DNS names.

Enter a Description and click on Save to finish adding the resource.

Create Groups

Groups allows managing resource access restriction easier when there are a large no. of users. To create a group click on Groups on the left menu and then click on Add New Group button.

Enter the group name and select the resources that this group has access to. Note:  If you have configured external authentication servers, the group name here must match LDAP/Active Directory group.

Click on Save to finish group creation.

Add Users

If you have configured Local Database for authentication servers, you need to add users here. Note:For external authentication servers create users on the LDAP/Active Directory server.

Firewall configuration

You need to make necessary changes in Firewall configuration to allow tcp port 443 on the respective interfaces for remote users to connect to VPN.

Connecting VPN from Remote

Now you can try connecting the VPN from remote location. Open a browser and enter the IP Address (domain name if you have configured DNS in Resource creation) of the Mettle SE's  interface IP where Clientless SSL VPN is configured to accept connections. You will be prompted with a login page.

On successful login user will be displayed a page links to access resources that has been assigned to the user's group.
Also read
document LDAP Server Configuration
document Import SSL certificate to use in Mettle SE

Others in this Category
document Choosing a VPN Technology
document SSL VPN: If SSL VPN Clients Want to Access a Subnet other than "Local network"
document SSL VPN Troubleshooting
document SSL VPN: To make SSL VPN client use VPN as the Default Gateway
document SSL VPN: To exclude some Network from using VPN gateway when VPN is set as default gateway for VPN client
document Setting Up SSL-VPN Server
document SSL VPN Client Certificate Creation
document SSL VPN Client: Windows Client Configuration