What Is SSL VPN?
Secure Sockets Layer Virtual Private Network (SSL VPN) is a lightweight VPN technology that uses the SSL or TLS protocol to implement remote access.
SSL VPN uses the certificate-based identity authentication, data encryption, and message integrity check mechanisms provided by SSL to establish secure connections for application-layer communication. Because most browsers support the SSL protocol, no additional client needs to be installed for SSL VPN.
After establishing an SSL VPN tunnel with the SSL VPN server on the intranet, a mobile user can use an endpoint — such as a laptop, tablet, or smartphone — to remotely access intranet resources, such as the web server, file server, and mail server.
How Does SSL VPN Work?
When a mobile user accesses an intranet server, a secure connection (SSL VPN tunnel) is established between the mobile user and the SSL VPN server. The standard SSL protocol is used to encrypt transmitted data packets. When the mobile user accesses the SSL VPN server login page, the SSL VPN server authenticates the user. To ensure access security and validity, the SSL VPN server typically supports multiple user authentication modes.
During authentication, the SSL VPN server forwards data packets to the specified intranet server so that a mobile user who passes authentication can access the server resources allocated by the administrator on the enterprise intranet. SSL VPN can meet all remote access requirements with a web browser.
SSL VPN application scenario
Why Do We Choose SSL VPN?
Employees on business trips or working from home need to remotely access enterprise intranet resources on demand over the Internet. To ensure the security of these resources, multiple user authentication methods and fine-grained access permission control are needed. Two authentication methods for remote access are IPsec VPN and SSL VPN.
As a lightweight VPN technology, SSL VPN is more secure than IPsec VPN and can implement more fine-grained resource control and user isolation. To use SSL VPN, you only need to log in through a browser, with no additional client needed. This ease of access also makes SSL VPN widely used among enterprise and agency employees. SSL VPN works between the transport layer and the application layer. It does not change the IP packet header or TCP packet header and does not affect the original network topology. SSL VPN is easy to deploy, configure, and maintain, and is cost-effective.
SSL VPN vs. IPsec VPN
Huawei SSL VPN Solution
The SSL VPN server is usually deployed inside the egress firewall of an enterprise. A range of Huawei USG series firewall products can directly function as the SSL VPN server.
Mobile users can access four types of intranet resources, listed here in ascending order of access control granularity: web resources, file resources, port resources, and IP resources. To implement fine-grained control over the resource access rights of mobile users, the Huawei SSL VPN solution provides access services for each type of resource, including web proxy, file sharing, port forwarding, and network extension.
In terms of user authentication, Huawei USG series firewall products support local authentication and server authentication by user name/password, certificate-anonymous authentication, certificate-challenge authentication, and authentication based on the user name/password and certificate. Moreover, Huawei USG series firewall products classify mobile users into different roles to implement resource access authorization and access control.
Huawei USG series firewall products providing SSL VPN access services for mobile users
- Author: Liu Shutong
- Updated on: 2022-08-09