User / maintenance manual for the 9000 Series product from the manufacturer Citrix Systems
Citrix NetScaler Application Switch SSL VPN User’s Guide for the Windows® Platform Release 7.0 Citrix Systems, Inc.
© CITRIX SYSTEMS, INC., 2005. ALL RIGHTS RESERVED. NO PART OF THIS DOCUMENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC.
BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScaler Request Switch are trademarks of Citrix Systems, Inc.
Contents
Chapter 1 - SSL VPN Overview
1.1 SSL VPN: Architecture
Chapter 2 - Getting Started
4.2.3 Managing Domain Conflicts
4.2.4 Managing Network Conflicts
4.2.5 Local LAN Access When Split Tunneling is Disabled
Chapter 1 SSL VPN Overview
SSL VPN is a secure remote access solution that provides point-to-point communication between remote users, such as mobile employees, partners, or resellers, and a private enterprise network.
The agent is installed on your computer when you log on for the first time. You can configure it to log on directly to the gateway, without having to log on via the Web portal. This is known as the native login mode.
Chapter 2 Getting Started
The preceding chapter covered the architectural details of the SSL VPN client. In this chapter you will learn to use both versions of the SSL VPN client and log on to the gateway and access intranet resources.
Figure 2-1 Security Alert window
The security alert indicates that there might be discrepancies in the certificate. The possible issues are:
• The certificate has expired.
• The domain name in the certificate does not match the domain name of the server.
Figure 2-2 SSL VPN Login page
3. Enter your user name and password and click Login. When you log on to the SSL VPN gateway for the first time, a security warning is displayed as shown in the following figure.
Note: On a Windows XP-based system, the following dialog box is displayed.
Figure 2-4 Security warning on a Windows XP-based computer
4. Click Yes. The Secure Remote Access Session window is displayed as shown in the following figure, and the plug-in begins to download.
5. When the download has completed, the Secure Remote Access Session window displays the following message: "Closing this window will exit SSL VPN Session". This indicates that the SSL VPN session is now active.
Figure 2-7 Download prompt page
Note: For details on working with a pop-up blocker, especially for a computer running Windows XP with SP2, consult the SSL VPN administrator.
You can now access resources on the remote site.
Figure 2-8 The Security Alert window
The security alert indicates that there might be discrepancies in the certificate. The possible issues are:
• The certificate has expired.
• The domain name in the certificate does not match the domain name of the server.
Figure 2-9 SSL VPN Login page
3. Enter your user name and password and click Login. When you log on for the first time, the following download page is displayed. Click the link to download and install the agent.
Figure 2-10 Download page
4. When the agent is successfully installed, a security alert is displayed as shown in the following figure.
5. Click Yes. The portal page configured by the SSL VPN administrator is displayed in the main browser window with the agent displayed in the system tray, as shown in the following figure.
Figure 2-12 Portal page
You can now access resources on the remote site.
nate an SSL VPN session.
2.4.1 Terminating the Session for the Agent
The following procedure covers the steps to terminate the session for the agent.
1. Check the Windows system tray for the icon. This indicates that the agent is active and that you are currently logged on.
3. Select a cleanup option from the Select Cleanup Level box and click Cleanup. The cleanup process is initiated and the status is displayed on the dialog box as shown in the following figure.
Figure 2-15 Cleanup dialog box with details
4.
2.4.2 Terminating the Session for the Browser Plug-in
The following procedure covers the steps to terminate the session for the agent.
1. Click Logout on the plug-in window. The following message box is displayed.
Figure 2-18 List pane
The Cleanup list consists of check boxes that allow you to select the data types that need to be deleted when you log off. Based on the configuration on the gateway, and the cleanup level that you have chosen, some of the options might appear disabled.
• Applications that have accessed SSL VPN services
• Application data
• Passwords and autocomplete data stored by browser
• History and URLs type.
Browser cache cookies and temporary files
When you select this option and initiate the cleanup process, the client selects data that is stored in the browser for deletion. The client deletes all cached files regardless of whether they were cached from the remote network or the Internet.
Chapter 3 Using the SSL VPN Portal
The default Portal page is created based on the data configured by the SSL VPN administrator. The Portal page is shown in the following figure. This page lists the most commonly accessed intranet Web sites and file systems.
3.1 Using Portal Tools
The Portal page has several built-in tools to assist you in using the SSL VPN. These tools include a ping interface for checking the accessibility of network hosts, tips, online help, the SSL VPN file transfer utility, and the SSL VPN themes utility.
To create these bookmarks, click on the ‘add’ links on the right side of the page. The following figure shows the New Bookmark page. In the ‘Name’ field, enter the label to be used for your new link.
Figure 3-4 Remove bookmark page
Note: You can remove only bookmarks listed under the ‘Personal’ column and not those under the configured column.
3.1.2 File Transfer
This page allows you to log on to the intranet and access shared resources.
Figure 3-5 File Transfer page.
The following sections cover the various components of the File Transfer page.
Top Panel
The top panel of the browser window displays a number of buttons that will allow you to perform various tasks, pertaining to the storage and transfer of files.
Click this button to upload the selected file from the local client computer to a folder in the remote file server.
Click this button to delete the selected file from the remote machine.
Click this button to change the name of a file or folder, which is selected.
To log on to a file server
1. Enter the IP address or the name of the server in the Address field.
Note: If you leave this field blank, you will be logged on to the intranet and not any specific server.
3. Click the Save button. The Save As dialog box is displayed.
4. Navigate to the appropriate folder, and click the Save button to save the file.
To upload a file to the remote server
1. Select the file on the local machine.
Figure 3-8 No themes configured
Selecting a theme for the SSL VPN session
Under the ‘Themes’ tab on the SSL VPN portal, you can see the themes that the VPN administrator has made available for use.
Figure 3-9 Customize your theme
Select the colors you want for each item on the SSL VPN portal page, the font style and size and then click the ‘Save Preferences’ button. The customized theme will now replace the old theme on the portal page.
Chapter 4 Configuring the SSL VPN Client
The client supports a minimal set of configuration tasks, based on the policies configured on the gateway. The following chapter covers all the tasks that you can perform on the client.
Figure 4-1 Gateway Enterprise Edition dialog box
Enter the appropriate password in the Password field and click Connect. A security alert is displayed as shown in the following figure. The security alert indicates that there might be discrepancies in the certificate.
4.1.2 Configuring Native Login
If you typically use the SSL VPN for non-Web browser related activities such as using an e-mail client, downloading files via FTP, etc., you might prefer the Native Login mode.
Figure 4-4 Change Profile dialog box
4. Click the Options tab. The Options pane is displayed.
5. Select the Use native login window for next time login option and click OK. The updated configuration details of the profile are displayed.
5. Enter the login credentials for the new gateway and click Connect.
4.1.4 Configuring Proxy Settings
You can configure the client to connect to the SSL VPN gateway via a proxy server. The following procedure lists the steps to configure the proxy server settings on the client.
1. Check the Windows system tray for the icon. This indicates that the agent is idle and that you are currently logged out. If the icon is absent, click Start > Programs > Citrix Access Gateway Enterprise Edition > Launch SSL VPN client.
2. Right-click the icon and select Login from the short-cut menu. The Citrix Access Gateway Enterprise Edition dialog box is displayed as shown in Figure 4-6.
3. Right-click Right-click for advanced options and select Show Secondary Password from the short-cut menu.
the traffic is sent to the local LAN or the Internet. You can view the list of IP addresses, ports, and applications in the Profile pane of the Configuration dialog box as shown in the following figure.
• ON: When you choose this option, Split Tunneling is enabled. The client compares the destination IP address, or port, or application name of the packets against the values configured by the SSL VPN administrator on the gateway.
when Split Tunneling is enabled. This setting has three options: Local, Remote, and Both.
• Local: When you choose the Local option, all DNS lookups are sent to the DNS server on your local LAN.
local and remote networks. As the domain exists on both networks, a domain conflict occurs.
Figure 4-9 Domain conflicts caused by identical domains
Note: When split tunneling is disabled, the local domain is not included during the lookup and the Domain/IP Conflict pane is disabled.
8. Click OK to exit the Configuration dialog box.
4.2.4 Managing Network Conflicts
As mentioned in the Configuring Split Tunneling sect.
Figure 4-11 Incorrect routing of traffic due to network conflicts
Note: When split tunneling is disabled, access to the local network is disabled. This group box is unavailable when split tunneling is disabled.
The client is aware of your local LAN IP settings. When it intercepts traffic, it examines the destination IP address. If it belongs to the local LAN, the client does not send it through the secure SSL VPN tunnel.
Chapter 5 Troubleshooting the SSL VPN Client
This chapter covers the troubleshooting of the SSL VPN browser plug-in and the agent. The following topics are described in this chapter:
• Debugging the SSL VPN Client
• SSL VPN Session Error Codes
• Compression Statistics
• Connection Logs
5.
from one of four levels of detail as shown in the following figure.
Figure 5-1 Trace Tab
5.2 SSL VPN Session Error Codes
The error codes, displayed by the SSL VPN session window, are displayed in the following table.
Table 5-2 Specific error codes displayed by the SSL VPN session
Columns: Codes, Message, Explanation, Action
Code: 0001
Message: "Loading .
Code: 1001
Message: "Internal Error, please report to admin"
Explanation: This message indicates that the plug-in has failed to open the interception file. It could also mean that the cleanup program is running while trying to establish the session.
Code: 1008
Message: "Internal Error, please report to admin"
Explanation: This message indicates that the SSL VPN client has a socket-handling problem.
Action: Log off from the SSL VPN session and login again. Contact the SSL VPN administrator if error persists.
Codes: 1013, 1013(2), 1013(3), 1013(4)
Message: “Failed to parse configuration(num)”
Explanation: The configuration downloaded by the client from the kernel is incorrect. The 'num' value displays further error indicators.
Code: 2005
Message: "Need to upgrade endpoint security software"
Explanation: This message indicates that endpoint security software has not been upgraded.
Action: Contact the SSL VPN administrator to upgrade the required security software.
Code: 2013
Message: "Failed to parse forward proxy setting."
Explanation: The plug-in failed to parse the Internet Explorer or Firefox forward proxy setting.
Action: Correct the Internet Explorer configuration under Tools -> Internet Options -> Connections -> LAN Settings.
Code: 2017
Message: "You are in a quarantine group. Certain applications will be unavailable" OR “Custom message configured by the SSL VPN administrator through -clientsecuritymessage option.
5.3 Compression Statistics
The compression tab displays statistics about the current SSL VPN session’s TCP traffic compression rates, broken down by individual connections. The columns on this tab include the following statistics.
Figure 5-2 Compression Tab
5.4 Connection Logs
You can use the connection logs to troubleshoot connection-related issues. The following procedure lists the steps to access the connection logs.
Figure 5-3 Connection log
If you are using the browser plug-in, use the following procedure.
1. Click Configuration in the plug-in window. The Configuration dialog box is displayed.
2.
Chapter 6 FAQs
Why does the SSL VPN need a Windows account with administrative privileges?
The SSL VPN browser plug-in inserts a new layer between the application and Windows Kernel. This operation requires administrative privilege in a Windows account.
Why doesn't the SSL VPN work when my Personal Firewall is enabled?
The SSL VPN opens a server port on the local PC. The default port number is 3128. If the port is being used by another application, the plug-in searches for the next available port.
Appendix A Uninstalling the SSL VPN Clients
This chapter covers the procedures for uninstalling the plug-in and the agent.
A.1 Uninstalling the Browser Plug-in
To uninstall the plug-in, perform the following procedure.
1.
Figure A-2 Settings dialog box
2. Click View Objects. The Downloaded Program Files folder is displayed. This folder contains all of the Web browser plug-ins.
Figure A-3 Downloaded Program Files folder
To uninstall the plug-in, delete Ns load Control by right-clicking it and selecting the Remove option from the shortcut menu.
A.2 Uninstalling the Agent
You can uninstall the agent by launching the Add/Remove Programs application.