Filter
Top Products
Virtual Private Networking Using SSL Connections
349
ProSecure Unified Threat Management (UTM) Appliance
WARNING:
Do not enter an existing route for a VPN tunnel client in the
Destination Network and Subnet Mask fields; otherwise, the SSL
VPN Wizard fails when you attempt to apply the settings and the
UTM reboots to recover its configuration.
After you have completed the steps in the SSL VPN Wizard, you can change the client IP
address range and routes by selecting VPN > SSL VPN > SSL VPN Client. For more
information about client IP address range and routes settings, see Configure the SSL VPN
Client on page 365.
Table 91. SSL VPN Wizard Step 4 of 6 screen settings (client addresses and routes)
Setting Description
Client IP Address Range
Enable Full Tunnel Support Select this check box to enable full-tunnel support. If you leave this check box
cleared (which is the default setting), full-tunnel support is disabled but
split-tunnel support is enabled, and you need to add a client route by completing
the Destination Network and Subnet Mask fields.
Note: When full-tunnel support is enabled, client routes are not operable.
DNS Suffix A DNS suffix to be appended to incomplete DNS search strings. This setting is
optional.
Primary DNS Server The IP address of the primary DNS server that is assigned to the VPN tunnel
clients. This setting is optional.
Note: If you do not assign a DNS server, the DNS settings remain unchanged in
the VPN client after a VPN tunnel has been established.
Secondary DNS Server The IP address of the secondary DNS server that is assigned to the VPN tunnel
clients. This setting is optional.
Client Address Range Begin The first IP address of the IP address range that you want to assign to the VPN
tunnel clients.
Client Address Range End The last IP address of the IP address range that you want to assign to the VPN
tunnel clients.
Add Routes for VPN Tunnel Clients
Destination Network Leave this field blank, or specify a destination network IP address of a local
network or subnet that has not yet been used. This setting applies only when
full-tunnel support is disabled.
Subnet Mask Leave this field blank, or specify the address of the appropriate subnet mask. This
setting applies only when full-tunnel support is disabled.