The SSL VPN application can be used to create Remote-access VPN connection. It is a highly secure functionality which essentially allows users to connect to a remote network with the help of secured SSL based connections. Crystal Eye provides cutting edge technology ensuring smooth connectivity over a VPN network. The TLS security certificate that is deployed using the Crystal Eye interface ensures an encrypted connection making it possible for multiple users to connect to a central site.
|Left-hand Navigation Panel > Network Control > SD-WAN > SSL VPN|
Crystal Eye XDR’s SSL VPN application has a dedicated dashboard for downloading SSL VPN configuration file called ‘VPN User’. This dashboard also displays default SSL VPN server users related details such as Username, VPN IP of the user, external IP address of the user and connection status.
How to download a common VPN configuration for all the SSL VPN users created in the Crystal Eye XDR?
Step 1: Go to Network Control > SD-WAN > SSL VPN and then click the VPN Users tab.
Step 2: You will now see all the SSL VPN users in the VPN Users dashboard. Click the Generate User Certificate icon next to any one of the VPN users listed in the dashboard.
Step 3: Once the user certificate is generated, you will see a download icon and a send VPN configuration via email icon. Click the download icon to download the VPN configuration.
Note: Place the downloaded zip file in a folder and extract the files. Once you extract the files you will see three folders with VPN config files for Linux users, Mac users and MS OS users. You will also see a multi-factor authentication QR code image.
Crystal Eye XDR’s SSL VPN end point application can be configured based on the operating system used by the SSL VPN User.
Note: The Crystal Eye XDR end point SSL VPN application can be explicitly configured to support Linux, MAC OS and MS OS users.
The configuration process of the end point SSL VPN app includes extracting the setup file from the zip file and then running installation wizard. Once the app is installed a shortcut icon will be created in desktop. Once the end point SSL VPN application is opened, the VPN configuration application needs to be imported to the app and the server name must be selected followed by entering the user credentials and the one time password.
Note: The multi-factor authentication feature of the end point SSL VPN app sheds light of the fact that it supports ‘Zero Trust Networking’.
How to configure CE XDR’s SSL VPN end point application for Microsoft operating system users?
Note: Please ensure that Multifactor Authentication is selected in the VPN server section of the SSL VPN application in your Crystal Eye XDR appliance.
Step 1: Download the end client and extract the RP SSL VPN Windows Installer Package.
Step 2: You will now see the Red Piranha SSL VPN Client Setup Wizard. Click the Next button.
Note: The installer will guide you through the steps required to install Red Piranha SSL VPN Client on your computer.
Step 3: Select the Installation Folder using the Browser button and click the Next button.
Step 4: Click the Next button to start the installation.
Step 5: You will now see a Windows User Account Control pop-up box. Click the Yes button to allow the installation process to continue.
Step 6: You will now see the loading bar highlighting the ongoing installation. As the installation proceeds, you will also see a Windows Security pop-up box confirming the installation. Click the Install button.
Step 7: You will now see the Installation Complete message. Click the Close button.
Step 8: You will see the Red Piranha SSL VPN shortcut icon on your desktop screen. Double-click the icon.
Note: You will now see the Red Piranha SSL VPN end client application.
Step 9: Now click the Import File button on the end point app GUI and then import the VPN configuration file in windows folder.
Note: Make sure you place the VPN configuration file in a folder with the ca.cert file while you import it to the end point SSL VPN application (as shown in the screenshot above). The VPN file name would be identical to the SSL VPN user created in the CE XDR. In our case, the name of the VPN file is test_user1. This file can be shared with all the VPN users.
Step 17: Click the dropdown icon next to the Select Server textbox and select the server name which would be identical to the SSL VPN username created in the Crystal Eye XDR appliance.
Note: In our case, we would select anish.
Step 18: Now enter the user credentials of the SSL VPN user in the designated textbox and click the Connect button.
Note: These credentials are the ones which were generated while creating the user account. To know the user credentials, go to System Configuration > Account Roles > Users and click the edit button next to the user.
Step 19: Download the google authenticator application from Google Play Store and scan the MFA QR Code downloaded with the VPN configuration. Once the QR Code has been scanned successfully you will see a 6-digit one time password (OTP).
Step 20: Enter the OTP and click the Connect button in the end point SSL VPN application user interface.