VPN redirection is a feature that validates the user's access to the VPN before letting them sign in without.
You can set it up in the following ways:
- Once per device, when registering it.
- Every time a user wants to sing in.
How VPN redirection works?
After the device performs lyncdiscover it will be redirected to a unique hostname that will trigger the split tunnel VPN.
That host will send traffic to the DMZ Bastion server via an internal IP address. That way the LAC filter will be able to know if the traffic came from the VPN.
How to setup VPN redirection?
IP Filtering Page
1.Navigate to the 'IP Filtering' page in the Access Portal
2
.
Set traffic to 'SfB Mobile'
You can set up 'Access Level' in the following 2 ways:
- All - IP range will be allowed for all type of connections
- First Sign In - IP range will be allowed only for first time login/registration
Enter the beginning and the end of the IP range.
3. Click save
Registration Page
1.Navigate to the 'Registration' page in the Access Portal
2. Set 'Require registration via VPN' to YES.
3. Add the appropriative values to the following attributes:
Front End pool FQDN
VPN Host name for Bastion - this is the VPN hostname that will also appear in thre Bastion.xml configuration file.
Restart the Bastion service