9.3. Setting up an web portal

Web portal allows you to provide access to the internal web resources, terminal servers, and SSH servers for remote or mobile employers using only the HTTPS protocol. This technology does not require installing any additional VPN software and works directly in most of the popular browsers.

To set up web portal, perform the following steps:

Name

Description

Step 1. Enable and set up the web portal.

Go to General settings-->web portal, enable web portal and set up its parameters. These settings are described in more detail below in this section.

Step 2. Allow the access to the web portal service for the required zones.

Go to Network-->Zones and allow the web portal service for the selected zones (in most cases, it the Untrusted zone). This will grant access to the port of the service specified in the web portal settings in the previous step.

Step 3. Add the internal resources to the web portal.

Go to VPN-->web portal and add the URLs of internal resources to which you are going to provide access for users. These settings are described in more detail below in this section.

When setting up the web portal (in General settings-->web portal-->Configure), fill out the following fields:

Name

Description

Enabled

Enable or disable the web portal.

Hostname

A host name that must be used on the client side for connecting to the web portal service. This name must be resolved by the DNS service into the IP address of the UserGate interface placed in the zone where the web portal is allowed.

Port

A TCP port that will be used by the web portal service. This port together with the host name compose the URL that will be utilized by users for establishing connections: https://hostname:port

Auth profile

The user authentication profile that will be utilized for authentication of users who connect to the web portal. The authentication profile defines an authentication method, e.g. the AD connector or a local user. In addition, you can also set up mandatory multi-factor authentication for accessing the web portal. For more details on authentication profiles, please refer to Auth profiles.

Auth template

Select an authentication page template that will be displaying a user form for entering credentials. You can create a custom authentication page in Response pages.

Portal template

Select an web portal template that will be displaying the resources available via web portal. You can create a custom authentication page in Response pages.

Show AD/LDAP domain selector on auth page

Display domain selector on web portal auth page

Protect with CAPTCHA

When this option is enabled, users will be asked to enter a code displayed on the login page of the web portal. This option is recommended for protection against bots trying to brute-force user passwords.

Certificate

The certificate that will be used for establishing HTTPS connections. When the Automatic mode is selected, the system will use a certificate issued by the SSL inspection certificate for the Captive portal SSL certificate role. For more details on certificate roles, please refer to Managing certificates.

Certificate-based user authentication

When this option is enabled, browsers will be required to provide user certificates. To do this, make sure to add the user certificate to the list of UserGate certificates, and also assign it the User certificate role and the corresponding user account. For more details on user certificates, please refer to section Managing certificates.

To set up an web portal (in VPN-->web portal), make sure to create URL publication bookmark for the internal web resources. Create a bookmark and fill out the following fields for each URL:

Name

Description

Enabled

Enable or disable the tab.

Name

Name of the tab.

Description

Description of the tab.

URL

URL of the resource that will be published via the web portal. Make sure to provide a complete URL starting with http://, https://, ftp://, ssh:// or rdp://

Important! To publish the terminal servers, make sure to disable the Network Level Authentication option in RDP properties of terminal servers. In this case, users will be authenticated and provided with the access to the servers through the web portal depending on its settings.

Icon

An icon that will be displayed on the web portal for this tab. You can choose any ready-to-use icon, provide an URL of an external icon or upload a custom icon.

Supporting URLs

Additional URLs that are required for the primary URL, but are not supposed to be published for users. For instance, the primary URL http://www.example.com may obtain some of the content from the supporting URL http://cdn.example.com.

Users

A list of users and/or user groups that are allowed to view the bookmark on the web portal and also access the primary and supporting URLs.

The order of bookmarks on the web portal is the same as will be seen by users. Administrators can reorder the bookmarks either using the Up, Above, Below, Down buttons or by dragging the tabs with a mouse.