The Mettle SE WebGUI has to be reconfigured to use a port other than 443.
You should have an Internet connection configured in Mettle SE.
Server certificate configured in Mettle SE
External Authentication Servers configured in Mettle SE (optional)
Configuring Clientless SSL VPN
Go to Connectivity >> Clientless SSL VPN
Make sure that the Enable box is checked.
Select the Interfaces on which you want the Clientless SSL VPN to accept connections. In most cases this will be WAN.
Select the Authentication Server to use. If you have configured external authentication servers in Mettle SE, they will be listed here.
Select the Server Certificate
Click on Save
The next step is defining the network resources that remote users want to access through the VPN.
Click on Resources on the left menu.
Click on Add New Resource
to identify this resource. The name should be unique.
Select the Protocol.
You can optionally specify a port number along with the host as hostname:port (e.g. 192.168.1.1:8080).
if applicable. If your application is accessed by specifying a path enter it here. (eg: For http://192.168.1.1/app/ you should enter Path
: You can optionally specify a domain name here. This will be the DNS name that remote users will use to access this resource. This domain name should resolve to the IP of the Mettle SE interface where Clientless SSL VPN is configured to accept connections.
Note: Mettle Networks strongly recommends configuring resources by DNS names.
Enter a Description and click on Save to finish adding the resource.
Groups make managing resource access restrictions easier when there are a large number of users. To create a group, click on Groups on the left menu and then click on Add New Group.
Enter the group name and select the resources that this group has access to.
Note: If you have configured external authentication servers, the group name here must match the LDAP/Active Directory group.
Click on Save to finish group creation.
If you have configured Local Database for authentication servers, you need to add users here.
Note: For external authentication servers, create users on the LDAP/Active Directory server.
You need to make the necessary changes in the Firewall configuration to allow TCP port 443 on the respective interfaces so that remote users can connect to the VPN.
Connecting VPN from Remote
Now you can try connecting to the VPN from a remote location. Open a browser and enter the IP address (or the domain name, if you configured DNS during Resource creation) of the Mettle SE interface where Clientless SSL VPN is configured to accept connections. You will be prompted with a login page.
On successful login, the user will be shown a page with links to the resources that have been assigned to the user's group.
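A pre-flight check for two requirements stated above: each resource DNS name must resolve to the Mettle SE interface IP, and TCP port 443 must be reachable from outside. This is an added example, not part of the Mettle Networks documentation; the IP address and host names are constructed placeholders and the function names are hypothetical.

```python
import socket
import ssl


def resolve_ipv4(name):
    """Return the set of IPv4 addresses a DNS name resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_resource_names(names, vpn_ip, resolver=resolve_ipv4):
    """Map each resource DNS name to 'ok', 'unresolved' or 'mismatch: <addresses>'."""
    results = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            results[name] = "unresolved"
        elif addrs == {vpn_ip}:
            results[name] = "ok"
        else:
            # Any record other than the VPN interface IP is reported, even if
            # the VPN IP is also present (round-robin can send users elsewhere).
            results[name] = "mismatch: " + ", ".join(sorted(addrs))
    return results


def tls_reachable(host, port=443, timeout=5):
    """True if TCP connects and a TLS handshake with certificate and
    hostname verification succeeds; False if the firewall blocks the port
    or the server certificate does not validate for this name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # includes timeouts, refusals and ssl.SSLError
        return False


if __name__ == "__main__":
    VPN_IP = "203.0.113.10"  # constructed: IP of the Mettle SE WAN interface
    NAMES = ["intranet.example.com", "wiki.example.com"]  # constructed names
    for name, status in check_resource_names(NAMES, VPN_IP).items():
        reachable = status == "ok" and tls_reachable(name)
        print(f"{name}: dns={status} tls443={reachable}")
```

Run it from a network outside the firewall so that the result reflects what remote users will see.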