The schema for SSL VPN configuration consists of an object that has a data structure containing general properties and the following objects:

advancedConfig

clientConfiguration

ipPools (Array)

privateNetworks (Array)

users (Array)

webResources (Array)

clientInstallPackages (Array)

authenticationConfiguration

layoutConfigurationDto

For an example of the schema for the SSL VPN configuration, see Example: Request and Response to Get the SSL VPN Configuration.

You can edit the default VPN settings by modifying the elements in the advancedConfig object.

SSL VPN CONFIGURATION

| Element | Type | Required | Description |
|---|---|---|---|
| version | Number | Yes | The current version of the SSL VPN configuration |
| enabled | Boolean | No | Whether SSL VPN is enabled for remote sites |

LOGGING (logging)

| Element | Type | Required | Description |
|---|---|---|---|
| enable | Boolean | No | Enables logging for SSL VPN connections |
| logLevel | String | No | Sets the log level |

ADVANCED CONFIGURATION (advancedConfig)

| Element | Type | Required | Description |
|---|---|---|---|
| enableCompression | Boolean | No | Enables TCP-based intelligent data compression, which improves data transfer speed |
| forceVirtualKeyboard | Boolean | No | Allows remote users to enter Web or client login information only via the virtual keyboard |
| randomizeVirtualkeys | Boolean | No | Randomizes the key positions on the virtual keyboard |
| preventMultipleLogon | Boolean | No | Allows remote users to log in only once with their user names |
| enableLogging | Boolean | No | Maintains a log of the traffic passing through the SSL VPN gateway |
| clientNotification | Boolean | No | Displays a message to remote users after they log in |
| enablePublicUrlAccess | Boolean | No | Allows remote users to access any site that the administrator has not configured (and that is not listed on the Web portal) |
| forcedTimeout | Integer | No | Disconnects remote users after the specified timeout period is over. Specify the timeout period in minutes. |
| sessionIdleTimeout | Integer | No | Ends a user session when there is no activity on the user's session for the specified period |

You can change the way the SSL VPN client tunnel responds when the remote user logs in to SSL VPN.

CLIENT CONFIGURATION (clientConfiguration)

| Element | Type | Required | Description |
|---|---|---|---|
| autoReconnect | Boolean | No | Automatically reconnects remote users to the SSL VPN client when they get disconnected |
| upgradeNotification | | | Whether to notify users when their clients are upgraded |

TUNNEL CONFIGURATION (tunnelConfiguration)

| Element | Type | Required | Description |
|---|---|---|---|
| excludeLocalSubnets | Boolean | No | Excludes local traffic from flowing through the VPN tunnel |
| gatewayIp | String | Yes | The IP address for the default gateway of the remote user systems |

The remote user is assigned a virtual IP address from the IP pool that you add.

IP POOLS (ipPools – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | Yes | The ID for the IP pool in the format ippool-X. Note: Leave this element empty when creating an IP pool by using the PUT method; the system auto-generates an object ID. |
| ipRange | String | Yes | The beginning and ending IP address for the IP pool |
| netmask | String | Yes | The netmask of the IP pool |
| gateway | String | Yes | The IP address to add the routing interface for the edge gateway |
| primaryDns | String | No | The primary DNS name |
| secondaryDns | String | No | The secondary DNS name |
| dnsSuffix | String | No | The connection-specific DNS suffix for domain-based host name resolution |
| winsServer | String | No | The WINS server address |
| description | String | No | A description for the IP pool |
| enabled | Boolean | No | Enables the IP pool. By default, enabled is set to true. |
| order | String | No | |

Using the API, add the networks that you want the remote user to be able to access.

PRIVATE NETWORKS (privateNetworks – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | No | The ID for the private network in the format privatenetwork-X. Note: Leave this element empty when creating a private network by using the PUT method; the system auto-generates an object ID. |
| network | String | No | The private network IP address |
| description | String | No | A description for the network |
| enabled | Boolean | No | Enables the private network |

SEND OVER TUNNEL

You can choose whether you want to send private network and Internet traffic over the SSL VPN-Plus enabled edge gateway or directly to the private server, bypassing the edge gateway.

| Element | Type | Required | Description |
|---|---|---|---|
| ports | String | No | The port numbers that you want to open for the remote user to access the corporate internal servers; for example, 3389 for RDP, 20/21 for FTP, and 80 for HTTP |
| optimize | Boolean | No | (Recommended) Optimizes the Internet speed. Setting this value enhances the performance of TCP packets within the VPN tunnel but does not improve performance of UDP traffic. |

Using the API, you can add a remote user to the local database.

USERS (users – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | No | The object ID for the user in the format user-X. Note: Leave this element empty when creating a user by using the PUT method; the system auto-generates an object ID for the user. |
| userId | String | No | The user ID you create to identify the user |
| password | String | No | The password for the user |
| firstName | String | No | The first name of the user |
| lastName | String | No | The last name of the user |
| description | String | No | A description for the user |
| disableUserAccount | Boolean | No | The user status. By default, disableUserAccount is set to false. |
| passwordNeverExpires | Boolean | No | Keeps the same password for the user indefinitely. By default, passwordNeverExpires is set to false. |
| changePasswordOnNextLogin | Boolean | No | Requires a user to change the password the next time the user logs in. By default, changePasswordOnNextLogin is set to false. |

Add a server that the remote user can connect to via a Web browser.

Configuring a Web resource allows a user to access the published Web resource without installing an SSL client locally. Web access in SSL VPN-Plus is a way to share internal resources (such as CRM, SharePoint data, and other Web applications) through the SSL VPN-Plus interface.

WEB RESOURCES (webResources – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | No | The object ID for the Web resource in the format webresource-X. Note: Leave this element empty when creating a Web resource by using the PUT method; the system auto-generates an object ID. |
| name | String | No | The name for the Web resource |
| url | String | No | The URL of the Web resource that you want remote users to access |
| description | String | No | A description for the Web resource. The description is displayed on the Web portal when remote users access the Web resource. |
| enabled | Boolean | No | Enables the Web resource. The Web resource must be enabled for remote users to access it. By default, enabled is set to true. |

METHOD INFORMATION (methodInfo)

| Element | Type | Required | Description |
|---|---|---|---|
| name | String | No | Sets the HTTP method so that remote users can read from or write to the Web resource |
| data | String | No | The GET or POST query parameters |

Using the API, create an installation package of the SSL VPN-Plus client for remote users.

CLIENT INSTALLATION PACKAGES (clientInstallPackages – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| objectId | String | No | The object ID for the client installation package in the format clientinstallpackage-X. Note: Leave this element empty when creating a client installation package by using the PUT method; the system auto-generates an object ID. |
| profileName | String | No | A profile name for the installation package |
| createLinuxClient | Boolean | No | Creates an installation package for Linux operating systems. By default, the installation package is created for the Windows operating system. |
| createMacClient | Boolean | No | Creates an installation package for Mac operating systems. By default, the installation package is created for the Windows operating system. |
| startClientOnLogon | Boolean | No | Starts the SSL VPN client when remote users log on to the system |
| hideSystrayIcon | Boolean | No | Hides the SSL VPN tray icon, which indicates whether the VPN connection is active |
| rememberPassword | Boolean | No | Enables the option to remember the password |
| silentModeOperation | Boolean | No | Hides the pop-up that indicates installation is complete |
| silentModeInstallation | Boolean | No | Hides installation commands from remote users |
| hideNetworkAdaptor | Boolean | No | Hides the VMware SSL VPN-Plus Adapter, which is installed on remote users' computers along with the SSL VPN installation package |
| createDesktopIcon | Boolean | No | Creates an icon on remote users' desktops to invoke the SSL client. By default, createDesktopIcon is set to true. |
| enforceServerSecurityCertValidation | Boolean | No | The SSL VPN client validates the SSL VPN server certificate before establishing the secure connection. By default, enforceServerSecurityCertValidation is set to true. |
| description | String | No | A description for the installation package |
| enabled | Boolean | No | Displays the installation package on the Installation Package page. By default, enabled is set to true. |

GATEWAY LIST (gatewayList – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| hostName | String | Yes | The IP address or FQDN of the public interface of the edge gateway. This IP address or FQDN is bound to the SSL client; when the client is installed, it is displayed on the SSL client. |
| port | Integer | No | The port number that you specified in the server settings for SSL VPN-Plus |

Using the API, you can add an authentication server. Instead of a local user, you can add an external authentication server (AD, LDAP, RADIUS, or RSA) which is bound to the SSL gateway. All users with accounts on the bound authentication server will be authenticated.

AUTHENTICATION CONFIGURATION (authenticationConfiguration)

PASSWORD AUTHENTICATION (passwordAuthentication)

| Element | Type | Required | Description |
|---|---|---|---|
| preventMultipleLogon | Boolean | No | Prevents a user from attempting to log in multiple times in the same session |
| authenticationTimeout | Integer | No | Sets the period of inactivity for which an authenticated user remains authenticated after the user's session times out |

PRIMARY AUTHORIZATION SERVER (primaryAuthServers – Array)

| Element | Type | Required | Description |
|---|---|---|---|
| primaryAuthServers \| authServers | Array \| String | No | The IP address of the primary authentication server |

SECONDARY AUTHORIZATION SERVER (secondaryAuthServer)

| Element | Type | Required | Description |
|---|---|---|---|
| authServerType | String | No | The type of authentication server. Supported types: AD, RADIUS, LOCAL, ACE, and LDAP |
| objectId | String | No | The object ID for the authentication server in the format authserver-X |
| isSecondaryAuthServer | Boolean | No | Whether to use the server as the second level of authentication |
| terminateSessionOnAuthFails | Boolean | No | Ends a user's session after multiple concurrent incorrect login attempts |
| enabled | Boolean | No | Enables the secondary authorization server |

CERTIFICATE AUTHENTICATION (certificateAuthentication)

| Element | Type | Required | Description |
|---|---|---|---|
| certificateIds | String | No | Associates certificates with the authentication configuration. If necessary, submit a GET request to the certificate object to obtain the certificate IDs. |

You must add SSL VPN server settings to enable SSL on an edge gateway interface.

SERVER SETTINGS (serverSettings)

| Element | Type | Required | Description |
|---|---|---|---|
| serverAddresses \| items | Array \| String | Yes | An IPv4 or an IPv6 address of the edge gateway external vNIC interface |
| port | Integer | Yes | The port number. By default, Advanced Networking Services uses port 443, which is the default port for HTTPS/SSL traffic. A port number is required to configure the installation package; however, you can set any TCP port for communications. |
| certificateId | String | No | The server certificate ID. The certificate has to be generated by using the certificate REST API, and the ID returned is set by using the certificateId element. |
| cipherList \| cipher | Array \| String | No | The encryption method. Any one or more of the following ciphers can be part of the configuration: RC4-MD5, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| sslVersionList \| sslVersions | Array \| String | No | |
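A configuration audit that reads one SSL VPN-Plus configuration document of the shape documented above (advancedConfig, users, clientInstallPackages, ipPools and serverSettings) and flags weak or inconsistent settings before the document is PUT to the edge gateway. It is an added example, not VMware code, and it assumes that elements listed as "cipherList | cipher" arrive either as a bare list or as {"cipher": [...]}, that ipRange is written as "start-end" (the page does not give the exact format), and that the sample document is constructed.

```python
"""Audit an SSL VPN-Plus configuration (schema above) for weak or inconsistent
settings.  Added example, not product code; see the lead-in for assumptions."""
import ipaddress

WEAK_CIPHERS = {"RC4-MD5", "DES-CBC3-SHA"}  # RC4 and 3DES suites from the cipher list

def _items(node, inner):
    """Return the list inside an Array|String element, whichever shape is used (assumed)."""
    return node.get(inner, []) if isinstance(node, dict) else (node or [])

def audit_sslvpn_config(cfg: dict) -> list[str]:
    findings = []
    adv = cfg.get("advancedConfig", {})
    if adv.get("enablePublicUrlAccess"):
        findings.append("advancedConfig.enablePublicUrlAccess: unpublished sites reachable")
    for key in ("forcedTimeout", "sessionIdleTimeout"):
        if not adv.get(key):  # absent or 0 means the session is never cut off
            findings.append(f"advancedConfig.{key}: not set")
    for u in cfg.get("users", []):
        if u.get("passwordNeverExpires"):
            findings.append(f"users[{u.get('userId')}]: passwordNeverExpires is true")
    for p in cfg.get("clientInstallPackages", []):
        name = p.get("profileName")
        if p.get("enforceServerSecurityCertValidation") is False:
            findings.append(f"clientInstallPackages[{name}]: server cert validation off")
        if p.get("rememberPassword"):
            findings.append(f"clientInstallPackages[{name}]: rememberPassword caches credentials")
    ciphers = set(_items(cfg.get("serverSettings", {}).get("cipherList"), "cipher"))
    for c in sorted(ciphers & WEAK_CIPHERS):
        findings.append(f"serverSettings.cipherList: weak cipher {c}")
    for pool in cfg.get("ipPools", []):  # range ends and gateway must sit inside the netmask
        start, _, end = pool.get("ipRange", "").partition("-")
        net = ipaddress.ip_network(f"{start}/{pool['netmask']}", strict=False)
        for label, addr in (("start", start), ("end", end), ("gateway", pool["gateway"])):
            if ipaddress.ip_address(addr) not in net:
                findings.append(f"ipPools[{pool.get('objectId')}]: {label} {addr} outside {net}")
    return findings

# Constructed sample configuration for a local run (not taken from the page).
SAMPLE = {
    "advancedConfig": {"enablePublicUrlAccess": True, "forcedTimeout": 480, "sessionIdleTimeout": 0},
    "users": [{"userId": "alice", "passwordNeverExpires": True}],
    "clientInstallPackages": [{"profileName": "win", "enforceServerSecurityCertValidation": False}],
    "serverSettings": {"cipherList": {"cipher": ["RC4-MD5", "AES256-SHA"]}},
    "ipPools": [{"objectId": "ippool-1", "ipRange": "10.10.20.10-10.10.20.250",
                 "netmask": "255.255.255.0", "gateway": "10.10.30.1"}],
}

if __name__ == "__main__":
    print("\n".join(audit_sslvpn_config(SAMPLE)))
```

Run against the sample it reports six findings; against a configuration with timeouts set, no weak ciphers and consistent pool addressing it returns an empty list.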

You can configure the web layout bound to the SSL VPN client.

LAYOUT CONFIGURATION (layoutConfigurationDto)

| Element | Type | Required | Description |
|---|---|---|---|
| portalTitle | String | No | The portal title. The default value is VMware. |
| companyName | String | No | The remote user's company name. The default value is VMware. |
| logoFile \| items | Array \| String | No | The image file for the remote user's logo |
| encodedLogo | String | No | The base64 encoded image of the logo file |
| logoExtention | String | No | The extension for the logo file; for example .jpg |
| logoUri | String | No | Uploads the portal logo from the given local path; for example: "/api/3.0/edges/edge-97/sslvpn/config/layout/images/portallogo" |
| logoBackgroundColor | String | No | Portal color configuration. The default value is FFFFFF. |
| titleColor | String | No | Portal color configuration. The default value is 996600. |
| topFrameColor | String | No | Portal color configuration. The default value is 000000. |
| menuBarColor | String | No | Portal color configuration. The default value is 999999. |
| rowAlternativeColor | String | No | Portal color configuration. The default value is FFFFFF. |
| bodyColor | String | No | Portal color configuration. The default value is FFFFFF. |
| rowColor | String | No | Portal color configuration. The default value is F5F5F5. |