Web portal (SSL VPN)

The web portal allows you to provide access to the company's internal web resources, terminal servers, and SSH servers for remote or mobile users by using only the HTTPS protocol. This technology does not require a special VPN client to be installed; a regular browser will suffice.

Note: If Kerberos or NTLM authentication is configured on the target HTTP resources, NGFW can perform authentication using the SSO technology (a configured LDAP connector loaded with a keytab file is required).

To configure the web portal, follow these steps:


Step 1. Enable and configure the web portal.

In the General settings ➜ Web portal section, enable the portal and configure its settings. The values of the settings are described in more detail later in this chapter.

Step 2. Enable access to the web portal service in the desired zones.

In the Network ➜ Zones section, allow the web portal service for the selected zones (usually the Untrusted zone). This will grant access to the service port specified in the web portal settings in the previous step.

Step 3. Add internal resources to the web portal.

In the Global portal ➜ Web portal section, add the URLs of the internal resources which the users need to access. The values of the settings are described in more detail later in this chapter.

When configuring the web portal (using the General settings ➜ Web portal section), fill in these fields:


Enabled

Enables or disables the web portal.

Hostname

The host name that the users will use to connect to the web portal service. This name should be resolved by DNS to the IP address of an NGFW interface belonging to the zone in which the web portal service is allowed.

Port

The TCP port that the web portal service will use. The port and the host name together form the URL for user connections that looks like this:

https://host_name:port

Auth profile

The user authentication profile that will be used to authenticate the users who connect to the web portal. The authentication profile determines the authentication method, such as an AD connector or local users. In addition, in the authentication profile you can require multi-factor authentication for web portal access.

For more details on authentication profiles, see the Authentication Profiles section.

Auth page template

Select the auth page template that will be used to display the login and password entry form. You can create your own auth page in the Response Pages section.

Portal template

Select the web portal template that will be used to display the resources available via the web portal. You can create your own portal page template in the Response Pages section.

Show AD/LDAP domain selector on auth page

Show a domain selector on the web portal's auth page.

Protect with CAPTCHA

If enabled, the user will be asked to enter a code shown to them on the web portal's auth page. This is recommended to protect against bots that guess user passwords.

SSL profile

Select an SSL profile to build a secure web portal access link. For more details on SSL profiles, see the SSL Profiles chapter.

Certificate

The certificate that will be used to establish the HTTPS connection. If Automatic mode is selected, the certificate issued by the SSL decryption certificate for the SSL captive portal role is used. For more details on certificate roles, see the Certificate Management section.

Authentication by certificate

If enabled, the browser will be required to present a user certificate. To that end, the user certificate must be added to the NGFW's certificate list, assigned the User certificate role, and assigned to the corresponding NGFW user. For more details on user certificates, see the Certificate Management section.
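An added example (not UserGate's code) that checks the Hostname and Port settings against Step 2: the host name must resolve to an NGFW interface address in a zone where the Web portal service is allowed. The interface table, zone service list and DNS answers are constructed stand-ins.

```python
# Added example, not part of UserGate: checks that the web portal Hostname
# resolves to an NGFW interface in a zone where the Web portal service is allowed.

# Constructed stand-in for Network -> Interfaces (interface -> address, zone).
INTERFACES = {
    "port1": {"ip": "203.0.113.10", "zone": "Untrusted"},
    "port2": {"ip": "10.0.0.1", "zone": "Trusted"},
}
# Constructed stand-in for the services allowed in Network -> Zones.
ZONE_SERVICES = {
    "Untrusted": {"Web portal"},
    "Trusted": {"Management console"},
}
# Constructed DNS answers standing in for a real lookup of the Hostname field.
DNS = {
    "portal.example.com": ["203.0.113.10"],
    "old.example.com": ["10.0.0.1"],
    "typo.example.com": [],
}


def portal_url(hostname, port):
    """Build the user-facing URL exactly as the Hostname and Port fields describe."""
    return f"https://{hostname}:{port}"


def check_portal(hostname, port, dns=DNS, ifaces=INTERFACES, zones=ZONE_SERVICES):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if not 1 <= port <= 65535:
        problems.append(f"port {port} out of range")
    addrs = dns.get(hostname, [])
    if not addrs:
        problems.append(f"{hostname} does not resolve")
    ip_to_zone = {i["ip"]: i["zone"] for i in ifaces.values()}
    for addr in addrs:
        zone = ip_to_zone.get(addr)
        if zone is None:
            problems.append(f"{addr} is not an NGFW interface address")
        elif "Web portal" not in zones.get(zone, set()):
            problems.append(f"{addr} is in zone {zone}, where Web portal is not allowed")
    return problems


if __name__ == "__main__":
    for host in DNS:
        print(portal_url(host, 8443), check_portal(host, 8443) or "OK")
```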

Configuring the web portal (using the Global portal ➜ Web portal section) amounts to creating publishing records for internal resource URLs. For each URL, create a bookmark and fill in the following fields:


Enabled

Enables or disables the bookmark.

Name

The name of the bookmark.

Description

A description of the bookmark.

URL

The URL of the resource to be published via the web portal. Specify the full URL, starting with http://, https://, ftp://, ssh://, or rdp://.

Important! To publish terminal servers, make sure to disable the Network Level Authentication requirement in the RDP access properties on the terminal servers. User authentication for server access will then be performed by the web portal according to its settings.

Direct domain

Direct domain is an optional field that allows access to the published resource from the Internet directly via the specified domain name. Both the protocol (HTTP or HTTPS) and the domain must be specified.

Check authorization for RDP sessions

Terminate the RDP session upon completion of authentication on the web portal on the server side.

Enable transparent authentication

Transparent authentication allows the user to be authenticated to the application published for them. The same credentials that the user entered when logging in to the web portal will be used for authentication. For this option to work, the published application must support transparent authentication.

SSL profile

Select an SSL profile to build a secure web portal access link. For more details on SSL profiles, see the SSL Profiles chapter.

Certificate

The certificate that will be used to establish the HTTPS connection between UserGate and the server. If the Select certificate mode is selected, the certificate issued by the SSL decryption certificate for the SSL captive portal role is used. For more details on certificate roles, see the Certificate Management section.

Icon

Icon to display on the web portal for this bookmark. You can select one of the predefined icons, specify an external URL at which the icon is available, or upload a custom icon.

Supporting URLs

Supporting URLs necessary for the main URL to work (but not needed to be published to users). For example, the main URL http://www.example.com may get a part of its media content from the supporting URL http://cdn.example.com.

Users

The list of users and/or user groups which are allowed to have a bookmark displayed on the web portal and to access the main and supporting URLs.
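An added example (not UserGate's code) that lints a bookmark record against the field rules above: the URL scheme list, the Direct domain format, the Supporting URLs and the Users list, with the terminal server note surfaced for rdp:// bookmarks. The sample bookmarks are constructed.

```python
# Added example, not part of UserGate: lint a web portal bookmark against the
# field rules described above (URL scheme, Direct domain, Supporting URLs, Users).
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https", "ftp", "ssh", "rdp")


def is_absolute(url, schemes=ALLOWED_SCHEMES):
    """True when url has one of the accepted schemes and a host part."""
    parts = urlsplit(url)
    return parts.scheme in schemes and bool(parts.netloc)


def validate_bookmark(bm):
    """Return a list of findings for one bookmark dict; [] means it passes."""
    findings = []
    url = bm.get("url", "")
    if not is_absolute(url):
        findings.append("URL must be a full URL starting with "
                        + ", ".join(s + "://" for s in ALLOWED_SCHEMES))
    elif urlsplit(url).scheme == "rdp":
        # Reminder from the Important! note: NLA must be off on the terminal server.
        findings.append("rdp:// bookmark: disable Network Level Authentication on the terminal server")
    direct = bm.get("direct_domain")
    if direct:
        parts = urlsplit(direct)
        if parts.scheme not in ("http", "https") or not parts.netloc or parts.path not in ("", "/"):
            findings.append("Direct domain must be a protocol (http or https) plus a domain name only")
    for sup in bm.get("supporting_urls", []):
        if not is_absolute(sup):
            findings.append(f"Supporting URL is not a full URL: {sup}")
    if not bm.get("users"):
        findings.append("No users or groups are allowed to see this bookmark")
    return findings


# Constructed sample bookmarks.
BOOKMARKS = [
    {"name": "Intranet", "url": "https://intranet.example.com/",
     "supporting_urls": ["http://cdn.example.com"], "users": ["Staff"]},
    {"name": "Terminal", "url": "rdp://ts01.example.com", "users": ["Admins"]},
    {"name": "Broken", "url": "intranet.example.com",
     "direct_domain": "portal.example.com/app", "users": []},
]

if __name__ == "__main__":
    for bm in BOOKMARKS:
        print(bm["name"], validate_bookmark(bm) or "OK")
```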

The order of the bookmarks on the web portal determines the order in which they are displayed for the user. The administrator can reorder the bookmarks by using the Up/Down and Top/Bottom buttons or dragging and dropping them with the mouse.