3.90. SSLVPNServer

Description

An SSL VPN tunnel item is used to define an SSL VPN endpoint and will appear as a logical interface in the system.

Properties

Name
Name of this interface. (Identifier)
ClientIPAddresses
The pool of IP addresses to assign to clients.
LocalEndpoint
Specifies the IP addresses clients are connecting to.
RemoteEndpoint
Specifies the IP addresses clients are connecting from. (Default: all-nets)
LocalNetwork
The network on "this side" of the SSL VPN tunnel. The SSL VPN tunnel will be established between this network and the clients. A route to this network is pushed to clients.
TransportProtocol
Transport protocol for SSL VPN. (Default: TCPUDP)
UDPPort
UDP port on which the server is listening. (Default: 1194)
TCPPort
TCP port on which the server is listening. (Default: 443)
KeepAliveInterval
Keep-alive messages are sent through the SSL tunnel to inform peers that the VPN connection is still active. The keep-alive timer interval is the period of time, in seconds, between each keep-alive message. (Default: 10)
KeepAliveTimeout
The keep-alive timeout is the period of time, in seconds, after which the server closes a connection on which no keep-alive messages from the client have been seen. (Default: 120)
ReplayWindow
Size of the window used to store previously seen packet IDs, used in replay protection for the data channel. (Default: 512)
DataChannelCipher
Cipher to use on the data channel. (Default: AES-256-GCM)
ControlChannelCipher
Cipher to use on the control channel. (Default: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-GCM-SHA384, DHE-RSA-AES256-GCM-SHA384)
DNS1
IP of the primary DNS server. (Optional)
DNS2
IP of the secondary DNS server. (Optional)
SourceInterface
The interface that SSL VPN traffic is received on. (Default: any)
AuthProfile
Specifies which authentication profile the client should be authenticated with.
ClientGeolocation
Specifies the valid geolocation of the connecting clients. (Default: any-region)
ServerCert
Certificate used by the SSL VPN server.
ServerIntermediateCert
Intermediate certificates to send to the client with the server certificate. (Optional)
ClientCACert
Client certificates must be signed by this CA. (Optional)
ProxyARPInterfaces
Specifies the interfaces on which the system should publish routes via Proxy ARP. (Optional)
ChallengeText
Specifies the challenge text that shall be sent to SSL VPN clients during MFA. This text will override any text received from a remote authentication source like RADIUS. Setting this to 'empty' will disable challenge text override. (Optional)
Metric
Specifies the metric of dynamically added routes. (Default: 90)
MTU
Specifies the size (in bytes) of the largest packet that can be forwarded. (Default: 1500)
IPAddress
The interface's IP addresses. (Default: 0)
IP4Broadcast
The interface's IPv4 broadcast address. (Optional)
RoutingTableMembership
Interface's routing table membership. (Default: <all>)
LogEnabled
Enable logging. (Default: Yes)
SecurityEquivalentInterfaces
Security and transport equivalent interfaces. (Optional)
Zone
Specifies the zone that this interface is a member of. (Optional)
Comments
Text describing the current object. (Optional)