UTM/VPN/SSL VPN-S2S

14.0.3

12.7.1 12.4.1 11.8.7 11.7.3 11.7 11.6.12

Site-to-Site Server

S2S Server

Site-to-Site Client

S2S Client

1 S2S Server

[[Datei: ]] 1

2 S2S Server

[[Datei: ]]

2

3 S2S Server

		[[Datei: ]] 3
Name:	S2S-server
\|\| UDP \|\|
Port:	1194
‍ \|\| cs-ttt-point \|\|
\|\| » 192.168.175.0/24 \|\|

4 S2S Server

			[[Datei: ]] 4
\|\| 192.168.190.0/24 \|\|
\|\| 192.168.190.1/32 \|\| rowspan="2" \|
\|\| 192.168.190.2/24

5 S2S Server

		[[Datei: ]] 5
Name:	S2S-client
\|\| .ttt-point.de \|\|
\|\| »192.168.174.0/24 \|\|

S2S Server

			[[Datei: ]]
Name:	S2S-Server
\|\| tun0 \|\|
Modus:	SERVER
\|\| UDP (Default) TCP \|\|
Port:	1194
\|\| NONE (Default) LOCAL RADIUS \|\|
\|\| cs-ttt-point \|\|
\|\| class=mw11 \| tls-authtls-crypt \|\|
notempty v12.6.1 \|\| SSL-VPN S2S \|\| ‍
notempty v12.6.1 \|\| SSL-VPN S2S \|\| ‍
\|\| AES-256-GCM \|\|
\|\| AES-256-GCM \|\|	BF-CBC DES-EDE-CBC DES-EDE3-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM
\|\| Default \|\|
\|\| Default \|\|	SHA1 SHA224 SHA256 SHA384 SHA512 whirlpool
\|\| \|\|
IPv4 :	192.168.190.0/24
IPv6 :	/64
\|\| \|\|
Search Domain:		afficher
Renegotiation:	1 (Default) 2 4 Stunden 8 Stunden 12 Stunden

S2S Server

		[[Datei: ]]
MTU:	1500
\|\| 1024 \|\|
\|\| \|\| afficher
\|\| \|\| afficher
Multihome:
\|\| \|\|
LZO:
\|\| \|\|
Pass TOS:
\|\| 10 \|\|
\|\| 120 \|\|
\|\| 65536 Bytes \|\|
\|\| 65536 Bytes \|\|
\|\| 64 \|\|
\|\| 15 \|\|

S2S Server

SSL-VPN UTMVPN SSL-VPN Log [[Datei: ]]

SSL-VPN Server-Gegenstelle hinzufügen UTMVPNSSL-VPN [[Datei: ]]

S2S Server

[[Datei: ]]

S2S Server

		[[Datei: ]]
Name:	sslvpn-S2S-Client-Network
\|\| VPN-Netzwerk \|\|
\|\| 192.168.174.0/24 \|\| afficher
Zone:	vpn-ssl-S2S-Server
\|\| \|\| Optional

S2S Server

[[Datei: ]]

#				NAT
9	sslvpn-S2S-client-network	internal-network	default-internet		Accept
10	internal-network	sslvpn-S2S-client-network	default-internet		Accept

Routen

S2S Server

			[[Datei: ]]
\|\| tun2 \|\|
\|\| 192.168.174.0/24 \|\| (S2S Client)
afficher ' ' route set id <ID> flags BLACKHOLE_IF_OFFLINE

1 S2S Client

[[Datei: ]] 1

2 S2S Client

[[Datei: ]]

2

3 S2S Client

		[[Datei: ]] 3
Name:	S2S-client
\|\| UDP \|\|
\|\| CC-S2S-Client-Network1 \|\|

4 S2S Client

5 S2S Client

[[Datei: ]]

5

S2S Client

		[[Datei: ]]
Name:	S2S-client
\|\| tun4 \|\|
Modus:	CLIENT
\|\| UDP (Default) TCP \|\|
\|\| CC-S2S-Client-Network1 \|\|
notempty v12.6.1 \|\| class=mw10 \| tls-authtls-crypt \|\|
notempty v12.6.1 \|\| SSL-VPN S2S \|\|
\|\| AES-256-GCM \|\|
\|\| AES-256-GCM \|\|	BF-CBC DES-EDE-CBC DES-EDE3-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM
\|\| Default \|\|
\|\| Default \|\|	SHA1 SHA224 SHA256 SHA384 SHA512 whirlpool
\|\| \|\|
Renegotiation:	1 (Default) 2 4 8 12

S2S Client

		[[Datei: ]]
MTU:	1500
LZO:
\|\| \|\|
Pass TOS:
\|\| 10 \|\|
\|\| 120 \|\|
\|\| 65536 Bytes \|\|
\|\| 65536 Bytes \|\|
\|\| 64 \|\|
\|\| 15 \|\|

S2S Client

		[[Datei: ]]
Name:	sslvpn-S2S-Server-Network
\|\| \|\|
\|\| 192.168.175.0/24 \|\| afficher
Zone:	vpn-ssl-S2S-client
\|\| \|\| Optional

S2S Client

S2S Client

[[Datei: ]]

#				NAT
5	internal-network	sslvpn-S2S-server-network	default-internet		Accept
4	sslvpn-S2S-server-network	internal-network	default-internet		Accept

S2S Client Routen

S2S Client

			[[Datei: ]]
\|\| tun4 \|\|
\|\| 192.168.175.0/24 \|\| (S2S Server)
afficher ' ' route set id <ID> flags BLACKHOLE_IF_OFFLINE notempty 12.6.2

Multipath

S2S Client

openvpn get  openvpn set id $ID_DES_TUNNELS local_addr $IP_DES_INTERFACES

UTMHTTP-Proxy
\|\| HTTP
\|\| Exclude
\|\| internal-network
\|\| name-vpn-netzwerk-objekt

'

extc-Variable	Default
CONNECTION_RATE_LIMIT_TCP	0
CONNECTION_RATE_LIMIT_TCP_PORTS
CONNECTION_RATE_LIMIT_UDP	20 / 0 ‍
CONNECTION_RATE_LIMIT_UDP_PORTS		[ 1194 1195 ]

afficher

			[[Datei: ]] 4
\|\| 192.168.190.0/24 \|\|
\|\| 192.168.190.1/32 \|\| rowspan="2" \|
\|\| 192.168.190.2/24

		[[Datei: ]]
MTU:	1500
\|\| 1024 \|\|
\|\| \|\| afficher
\|\| \|\| afficher
Multihome:
\|\| \|\|
LZO:
\|\| \|\|
Pass TOS:
\|\| 10 \|\|
\|\| 120 \|\|
\|\| 65536 Bytes \|\|
\|\| 65536 Bytes \|\|
\|\| 64 \|\|
\|\| 15 \|\|

		[[Datei: ]]
Name:	S2S-client
\|\| tun4 \|\|
Modus:	CLIENT
\|\| UDP (Default) TCP \|\|
\|\| CC-S2S-Client-Network1 \|\|
notempty v12.6.1 \|\| class=mw10 \| tls-authtls-crypt \|\|
notempty v12.6.1 \|\| SSL-VPN S2S \|\|
\|\| AES-256-GCM \|\|
\|\| AES-256-GCM \|\|	BF-CBC DES-EDE-CBC DES-EDE3-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM
\|\| Default \|\|
\|\| Default \|\|	SHA1 SHA224 SHA256 SHA384 SHA512 whirlpool
\|\| \|\|
Renegotiation:	1 (Default) 2 4 8 12

		[[Datei: ]]
MTU:	1500
LZO:
\|\| \|\|
Pass TOS:
\|\| 10 \|\|
\|\| 120 \|\|
\|\| 65536 Bytes \|\|
\|\| 65536 Bytes \|\|
\|\| 64 \|\|
\|\| 15 \|\|

UTMHTTP-Proxy
\|\| HTTP
\|\| Exclude
\|\| internal-network
\|\| name-vpn-netzwerk-objekt


extc value get application securepoint_firewall spcli extc value get application securepoint_firewall \| grep RATE	application \|variable \|value --------------------+-------------------------------+----- securepoint_firewall \|… \|… \|CONNECTION_RATE_LIMIT_TCP \|0 \|CONNECTION_RATE_LIMIT_TCP_PORTS\| \|CONNECTION_RATE_LIMIT_UDP \|20 \|CONNECTION_RATE_LIMIT_UDP_PORTS\|
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 20 system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 0 system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ 443 11115 ] system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ ] system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 20 system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 0 system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ 1194 1195 ] system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ ] system update rule
extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 20 extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ 443 11115 ] extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 20 extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ ] system update rule