The schema for SSL
VPN configuration consists of an object that has a data structure containing
general properties and the following objects:
■
|
advancedConfig
|
■
|
clientConfiguration
|
■
|
ipPools (Array)
|
■
|
privateNetworks (Array)
|
■
|
users (Array)
|
■
|
webResources (Array)
|
■
|
clientInstallPackages
(Array)
|
■
|
authenticationConfiguration
|
■
|
layoutConfigurationDto
|
For an example of the schema for
the SSL VPN configuration, see
Example: Request and
Response to Get the SSL VPN Configuration.
You can edit the default VPN
settings by modifying the elements in the
advancedConfig object.
SSL VPN
CONFIGURATION
|
|
|
|
|
version
|
Number
|
Yes
|
The current version of the SSL VPN
configuration
|
|
enabled
|
Boolean
|
No
|
Whether SSL VPN is enabled for remote sites
|
|
LOGGING (logging)
|
|
enable
|
Boolean
|
No
|
Enables logging for SSL VPN connections
|
|
logLevel
|
String
|
No
|
Sets the log level
|
ADVANCED
CONFIGURATION (advancedConfig)
|
|
|
|
|
enableCompression
|
Boolean
|
No
|
Enables TCP-based intelligent data compression
and improves data transfer speed
|
|
forceVirtualKeyboard
|
Boolean
|
No
|
Allows remote users to enter Web or client
login information only via the virtual keyboard
|
|
randomizeVirtualkeys
|
Boolean
|
No
|
Makes the virtual keyboard keys random
|
|
preventMultipleLogon
|
Boolean
|
No
|
Allows remote users to log in only once with
their user names
|
|
enableLogging
|
Boolean
|
No
|
Maintains a log of the traffic passing through
the SSL VPN gateway
|
|
clientNotification
|
Boolean
|
No
|
Displays a message to remote users after they
log in
|
|
enablePublicUrlAccess
|
Boolean
|
No
|
Allows remote users to access any
site which is not configured (and not listed on Web portal) by the
administrator
|
|
forcedTimeout
|
Integer
|
No
|
Disconnects remote users after the
specified timeout period is over
Specify the timeout
period in minutes.
|
|
sessionIdleTimeout
|
Integer
|
No
|
Ends a user session when there is
no activity on the user's session for the specified period
|
You can change the way the SSL
VPN client tunnel responds when the remote user logs in to SSL VPN.
CLIENT
CONFIGURATION (clientConfiguration)
|
|
|
|
|
autoReconnect
|
Boolean
|
No
|
Automatically reconnects remote users to the
SSL VPN client when they get disconnected
|
|
upgradeNotification
|
|
|
Whether to notify users when their clients are
upgraded
|
|
TUNNEL
CONFIGURATION (tunnelConfiguration)
|
|
excludeLocalSubnets
|
Boolean
|
No
|
Excludes local traffic from flowing through the
VPN tunnel
|
|
gatewayIp
|
String
|
Yes
|
The IP address for the default gateway of the
remote user systems
|
The remote user is assigned a
virtual IP address from the IP pool that you add.
IP POOLS (ipPools –
Array)
|
|
|
|
|
objectId
|
String
|
Yes
|
The ID for the IP pool in the format ippool-X
Note
Leave this element
empty when creating an IP pool by using the PUT method. The system will
auto-generate an object ID.
|
|
ipRange
|
String
|
Yes
|
The beginning and ending IP address for the IP
pool
|
|
netmask
|
String
|
Yes
|
The netmask of the IP pool
|
|
gateway
|
String
|
Yes
|
The IP address to add the routing interface for
the edge gateway
|
|
primaryDns
|
String
|
No
|
The DNS name
|
|
secondaryDns
|
String
|
No
|
The secondary DNS name
|
|
dnsSuffix
|
String
|
No
|
The connection-specific DNS suffix
for domain-based host name resolution
|
|
winsServer
|
String
|
No
|
The WINS server address
|
|
description
|
String
|
No
|
A description for the IP pool
|
|
enabled
|
Boolean
|
No
|
Enables the IP pool
By default,
enabled is set to
true.
|
|
order
|
String
|
No
|
|
Using the API, add the networks
that you want the remote user to be able to access.
PRIVATE NETWORKS
(privateNetworks –
Array)
|
|
|
|
|
objectId
|
String
|
No
|
The ID for the private network in the format
privatenetwork-X
Note
Leave this element
empty when creating a private network by using the PUT method. The system will
auto-generate an object ID.
|
|
network
|
String
|
No
|
The private network IP address
|
|
description
|
String
|
No
|
A description for the network
|
|
enabled
|
Boolean
|
No
|
Enables the private network
|
|
SEND OVER TUNNEL
|
|
ports
|
String
|
No
|
The port numbers that you want to open for the
remote user to access the corporate internal servers; for example, 3389 for
RDP, 20/21 for FTP, and 80 for HTTP
You can choose whether
you want to send private network and Internet traffic over the SSL VPN-Plus
enabled edge gateway or directly to the private server bypassing the edge
gateway.
|
|
optimize
|
Boolean
|
No
|
(Recommended) Optimizes the
Internet speed
Setting this value
enhances the performance of TCP packets within the VPN tunnel but does not
improve performance of UDP traffic.
|
Using the API, you can add a
remote user to the local database.
USERS (users – Array)
|
|
|
|
|
objectId
|
String
|
No
|
The object ID for the user in the format user-X
Note
Leave this element
empty when creating a user by using the PUT method. The system will
auto-generate an object ID for the user.
|
|
userId
|
String
|
No
|
The user ID you create to identify the user
|
|
password
|
String
|
No
|
The password for the user
|
|
firstName
|
String
|
No
|
The first name of the user
|
|
lastName
|
String
|
No
|
The last name of the user
|
|
description
|
String
|
No
|
A description for the user
|
|
disableUserAccount
|
Boolean
|
No
|
The user status
By default,
disableUserAccount is
set to
false.
|
|
passwordNeverExpires
|
Boolean
|
No
|
To always keep the same password
for the user
By default,
passwordNeverExpires is
set to
false.
|
|
changePasswordOnNextLogin
|
Boolean
|
No
|
Requires a user to change the
password the next time the user logs in
By default,
changePasswordOnNextLogin
is set to
false.
|
Add a server that the remote
user can connect to via a Web browser.
Configuring a Web resource
allows a user to access the published Web resource without the need to install
an SSL client locally. Web access in SSL VPN-Plus is a way to share internal
resources (such as CRM, Sharepoint data, and other Web applications) through
the SSL VPN-Plus interface.
WEB RESOURCES
(webResources
– Array)
|
|
|
|
|
objectId
|
String
|
No
|
The object ID for the user in the format
webresource-X
Note
Leave this element
empty when creating a Web resource by using the PUT method. The system will
auto-generate an object ID.
|
|
name
|
String
|
No
|
The name for the Web resource
|
|
url
|
String
|
No
|
The URL of the Web resource that you want
remote users to access
|
|
description
|
String
|
No
|
A description for the Web resource
The description is
displayed on the Web portal when remote users access the Web resource.
|
|
enabled
|
Boolean
|
No
|
Enables the Web resource
The Web resource must be
enabled for remote users to access it. By default,
enabled is set to
true.
|
|
METHOD INFORMATION
(methodInfo)
|
|
name
|
String
|
No
|
Sets the HTTP method so that
remote users can read from or write to the Web resource
|
|
data
|
String
|
No
|
The GET or POST query parameters
|
Using the API, create an
installation package of the SSL VPN-Plus client for remote users.
CLIENT INSTALLATION
PACKAGES (clientInstallPackages –
Array)
|
|
|
|
|
objectId
|
String
|
No
|
The object ID for the user in the format
clientinstallpackage-X
Note
Leave this element
empty when creating a client installation package by using the PUT method. The
system will auto-generate an object ID.
|
|
profileName
|
String
|
No
|
A profile name for the installation package
|
|
createLinuxClient
|
Boolean
|
No
|
Creates an installation package for Linux
operating systems
The installation package
is created for Windows operating system by default.
|
|
createMacClient
|
Boolean
|
No
|
Creates an installation package for Mac
operating systems
The installation package
is created for Windows operating system by default.
|
|
startClientOnLogon
|
Boolean
|
No
|
Starts the SSL VPN client when remote users log
on to the system
|
|
hideSystrayIcon
|
Boolean
|
No
|
Hides the SSL VPN tray icon which indicates
whether the VPN connection is active
|
|
rememberPassword
|
Boolean
|
No
|
Enables the option to remember the password
|
|
silentModeOperation
|
Boolean
|
No
|
Hides the pop-up that indicates installation is
complete
|
|
silentModeInstallation
|
Boolean
|
No
|
Hides installation commands from remote users
|
|
hideNetworkAdaptor
|
Boolean
|
No
|
Hides the VMware SSL VPN-Plus Adapter, which is
installed on remote users’ computers along with the SSL VPN installation
package
|
|
createDesktopIcon
|
Boolean
|
No
|
Creates an icon to invoke the SSL client on
remote users’ desktops.
By default,
createDesktopIcon is
set to
true.
|
|
enforceServerSecurityCertValidation
|
Boolean
|
No
|
The SSL VPN client validates the SSL VPN server
certificate before establishing the secure connection
By default,
enforceServerSecurityCertValidation
is set to
true.
|
|
description
|
String
|
No
|
A description for the installation package
|
|
enabled
|
Boolean
|
No
|
Displays the installation package on the
Installation Package page
By default,
enabled is set to
true.
|
|
GATEWAY LIST
(gatewayList – Array)
|
|
hostName
|
String
|
Yes
|
The IP address or FQDN of the public interface
of the edge gateway
This IP address or FQDN
is bound to the SSL client. When the client is installed, this IP address or
FQDN is displayed on the SSL client.
|
|
port
|
Integer
|
No
|
The port number that you specified
in the server settings for SSL VPN-Plus
|
Using the API, you can add an
authentication server. Instead of a local user, you can add an external
authentication server (AD, LDAP, RADIUS, or RSA) which is bound to the SSL
gateway. All users with accounts on the bound authentication server will be
authenticated.
AUTHENTICATION
CONFIGURATION (authenticationConfiguration)
|
|
|
|
|
PASSWORD
AUTHENTICATION (passwordAuthentication)
|
|
preventMultipleLogon
|
Boolean
|
No
|
Prevents a user from attempting to log in
multiple times in the same session
|
|
authenticationTimeout
|
Integer
|
No
|
Sets the period of inactivity that an
authenticated user is still authenticated after the user's session times out
|
|
PRIMARY AUTHORIZATION SERVER
(primaryAuthServers –
Array)
|
|
primaryAuthServers |
authServers
|
Array | String
|
No
|
The IP address of the primary authentication
server
|
|
SECONDARY AUTHORIZATION SERVER
(secondaryAuthServer)
|
|
authServerType
|
String
|
No
|
The types of authentication servers supported:
AD, RADIUS, LOCAL, ACE, and LDAP
|
|
objectId
|
String
|
No
|
The object ID for the user in the
format authserver-X
|
|
isSecondaryAuthServer
|
Boolean
|
No
|
Whether to use the server as the
second level of authentication
|
|
terminateSessionOnAuthFails
|
Boolean
|
No
|
Ends a user's session for
multiple, concurrent incorrect log in attempts
|
|
enabled
|
Boolean
|
No
|
Enables the secondary
authorization server
|
|
CERTIFICATE AUTHENTICATION
(certificateAuthentication)
|
|
certificateIds
|
String
|
No
|
Associates certificates with the
authentication configuration
If necessary, submit a
GET request to the certificate object to obtain the certificate IDs.
|
You must add SSL VPN server
settings to enable SSL on an edge gateway interface.
SERVER SETTINGS
(serverSettings)
|
|
|
|
|
serverAddresses |
items
|
Array | String
|
Yes
|
An IPv4 or an IPv6 address of the
edge gateway external vNIC interface
|
|
port
|
Integer
|
Yes
|
The port number
By default,
Advanced
Networking Services use port 443, which is the default port for HTTPS/SSL
traffic. A port number is required to configure the installation package;
however, you can set any TCP port for communications.
|
|
certificateId
|
String
|
No
|
The server certificate ID
The certificate has to
be generated by using the certificate REST API and the ID returned is set by
using the
certificateId element.
|
|
cipherList |
cipher
|
Array | String
|
No
|
The encryption method
Any one or more of the
following ciphers can be part of the configuration:
RC4-MD5|AES128-SHA|AES256-SHA|DES-CBC3-SHA
|
|
sslVersionList |
sslVersions
|
Array | String
|
No
|
|
You can configure the web layout
bound to the SSL VPN client.
LAYOUT
CONFIGURATION (layoutConfigurationDto)
|
|
|
|
|
portalTitle
|
String
|
No
|
The portal title
The default value is
VMware.
|
|
companyName
|
String
|
No
|
The remote user's company name
The default value is
VMware.
|
|
logoFile |
items
|
Array | String
|
No
|
The image file for the remote
user's logo
|
|
encodedLogo
|
String
|
No
|
The base64 encoded image of the logo file
|
|
logoExtention
|
String
|
No
|
The extension for the logo file; for example
.jpg
|
|
logoUri
|
String
|
No
|
Uploads the portal logo from the given local
path; for example:
"/api/3.0/edges/edge-97/sslvpn/config/layout/images/portallogo",
|
|
logoBackgroundColor
|
String
|
No
|
Portal color configuration
The default value is
FFFFFF.
|
|
titleColor
|
String
|
No
|
Portal color configuration
The default value is
996600.
|
|
topFrameColor
|
String
|
No
|
Portal color configuration
The default value is
000000.
|
|
menuBarColor
|
String
|
No
|
Portal color configuration
The default value is
999999.
|
|
rowAlternativeColor
|
String
|
No
|
Portal color configuration
The default value is
FFFFFF.
|
|
bodyColor
|
String
|
No
|
Portal color configuration
The default value is
FFFFFF.
|
|
rowColor
|
String
|
No
|
Portal color configuration
The default value is
F5F5F5.
|