



This topic only applies to Armor Complete users. 

Armor offers one free SSL VPN access per account.

To fully use this screen, you must have the following permissions assigned to your account:

  • Write SSL VPN Devices and Users
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers



Enable, download, and install your SSL VPN access (account administrators)

If you have created a virtual machine, then you must enable and install your SSL VPN client. 

These instructions apply to account administrators.

If you have the Continuous Server Replication (Disaster Recovery) add-on product in your account, then you must download the SSL VPN client for the appropriate live recovery environment.

  • If your primary environment is DFW01, then you should download the client for PHX01-Recovery environment.
  • If your primary environment is PHX01, then you should download the client for DFW01-Recovery environment. 

If you run Ubuntu 16.x, then please review Install SSL VPN Client for Ubuntu 16.x.

If you run Ubuntu 18.x, then please review Install SSL VPN Client for Ubuntu 18.x.

If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher.


  1. (For Account Administrators only) In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. (For Account Administrators only) Click SSL VPN.
  3. (For Account Administrators only) Click Members.
  4. (For Account Administrators only) Click the plus ( + ) icon.
  5. (For Account Administrators only) In the drop-down menu, enter and select the name of the user, or their email address.
  6. (For Account Administrators only) Mark the desired data center or data centers that the user can connect to.
  7. (For Account Administrators only) Click Submit.
  8. Click Client.
  9. Click Download SSL VPN client.
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 
    • For Windows users, the client will download as a .zip file.
      • Extract the installation files to your local hard drive.
      • Launch the installer.exe file to begin the installation.
    • For Mac OS users, the client will download as a .tgz file.
      • Extract the installation files to your local hard drive.
      • Access the mac_phat_client folder, and then run the naclient.pkg installer.
      • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
      • To launch the SSL VPN client, in your Applications folder, search for naclient.
      • If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher.
  10. After installation, open the client.
    • In the drop-down menu, default will be listed.
  11. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP.
  12. Return to AMP, specifically to the Client section of the SSL VPN screen.
  13. Use the Client Configuration table to locate the data center and corresponding information to add to the client.


    If you see two entries for the same data center, then you must verify that you are using the non-recovery data center. To determine the correct data center:
      1. In the left-side navigation, click IP Addresses.
      2. In the top drop-down menu, select the data center that does not contain the Recovery tag.
      3. Take note of the displayed public IP address.
      4. In the left-side navigation, click SSL VPN.
      5. Under HOST/FQDN, verify the data center that contains the matching public IP address.
  14. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  15. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
    • Remove .vpc.armor.com.
    • Replace dashes / hyphens ( - ) with periods ( . ).
    • Remove any zero ( 0 ) that begins a section, such as 085 or 067.
    • For example, if you see in AMP 122-087-074-072, then in the client, you should enter 122.87.74.72.
    • In another example, if you see in AMP 122-087-074-702, then in the client, you should enter 122.87.74.702.

      | Original | Correct | Incorrect |
      |---|---|---|
      | 122-087-074-072.vpc.armor.com | 122.87.74.72 | 122-087-074-072, 122-87-74-72 |
      | 122-087-074-702.vpc.armor.com | 122.87.74.702 | 122-087-074-702, 122-87-74-72 |

  16. Under Client Configuration, copy the Port information, and then paste that information into Port.
  17. Click Add.
  18. Click OK.
  19. In the drop-down menu, select the newly created connection.
  20. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 


Download and install your SSL VPN (non-account administrators)

These instructions apply to non-account administrators.

Step 1: Obtain access and permission

Before you can download and install your SSL VPN, the account administrator must add the following permissions to your account: 

  • Write SSL VPN Devices and Users 
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers 

Additionally, your account administrator must enable your account to download and install the client.

Confirm with your account administrator before you attempt to download and install.  


Step 2: Download and install your SSL VPN client


  1. (For Account Administrators only) In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. (For Account Administrators only) Click SSL VPN.
  3. (For Account Administrators only) Click Members.
  4. (For Account Administrators only) Click the plus ( + ) icon.
  5. (For Account Administrators only) In the drop-down menu, enter and select the name of the user, or their email address.
  6. (For Account Administrators only) Mark the desired data center or data centers that the user can connect to.
  7. (For Account Administrators only) Click Submit.
  8. Click Client.
  9. Click Download SSL VPN client.
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 
    • For Windows users, the client will download as a .zip file.
      • Extract the installation files to your local hard drive.
      • Launch the installer.exe file to begin the installation.
    • For Mac OS users, the client will download as a .tgz file.
      • Extract the installation files to your local hard drive.
      • Access the mac_phat_client folder, and then run the naclient.pkg installer.
      • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
      • To launch the SSL VPN client, in your Applications folder, search for naclient.
      • If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher.
  10. After installation, open the client.
    • In the drop-down menu, default will be listed.
  11. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP.
  12. Return to AMP, specifically to the Client section of the SSL VPN screen.
  13. Use the Client Configuration table to locate the data center and corresponding information to add to the client.


    If you see two entries for the same data center, then you must verify that you are using the non-recovery data center. To determine the correct data center:
      1. In the left-side navigation, click IP Addresses.
      2. In the top drop-down menu, select the data center that does not contain the Recovery tag.
      3. Take note of the displayed public IP address.
      4. In the left-side navigation, click SSL VPN.
      5. Under HOST/FQDN, verify the data center that contains the matching public IP address.
  14. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  15. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
    • Remove .vpc.armor.com.
    • Replace dashes / hyphens ( - ) with periods ( . ).
    • Remove any zero ( 0 ) that begins a section, such as 085 or 067.
    • For example, if you see in AMP 122-087-074-072, then in the client, you should enter 122.87.74.72.
    • In another example, if you see in AMP 122-087-074-702, then in the client, you should enter 122.87.74.702.

      | Original | Correct | Incorrect |
      |---|---|---|
      | 122-087-074-072.vpc.armor.com | 122.87.74.72 | 122-087-074-072, 122-87-74-72 |
      | 122-087-074-702.vpc.armor.com | 122.87.74.702 | 122-087-074-702, 122-87-74-72 |

  16. Under Client Configuration, copy the Port information, and then paste that information into Port.
  17. Click Add.
  18. Click OK.
  19. In the drop-down menu, select the newly created connection.
  20. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 
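
Steps 13 to 16 of both procedures above, as an added Python example (not Armor's code): it applies the three HOST/FQDN rules from step 15 and selects the Client Configuration row that matches the public IP noted for the non-recovery data center. The function names, the second row's host and the port value are constructed for illustration.

```python
# Added example: helper names and sample rows are constructed, not Armor's code.
SUFFIX = ".vpc.armor.com"


def amp_host_to_client_host(host_fqdn: str) -> str:
    """Apply step 15's three rules to a HOST/FQDN value copied from AMP."""
    host = host_fqdn.strip().lower()
    if host.endswith(SUFFIX):              # rule 1: remove .vpc.armor.com
        host = host[: -len(SUFFIX)]
    sections = host.split("-")             # rule 2: dashes become periods
    if len(sections) != 4 or not all(s.isascii() and s.isdigit() for s in sections):
        raise ValueError(f"unexpected HOST/FQDN format: {host_fqdn!r}")
    # rule 3: int() drops zeros that begin a section (087 -> 87, 010 -> 10)
    return ".".join(str(int(s)) for s in sections)


def client_settings(rows, public_ip):
    """Return the values for the client's Settings dialog, taken from the one
    row whose HOST/FQDN matches the public IP shown on the IP Addresses
    screen for the data center without the Recovery tag."""
    matches = [r for r in rows if amp_host_to_client_host(r["host_fqdn"]) == public_ip]
    if len(matches) != 1:
        raise LookupError(f"expected one row for {public_ip}, found {len(matches)}")
    row = matches[0]
    return {
        "Connection Alias": row["location"],
        "Hostname/IP Address": amp_host_to_client_host(row["host_fqdn"]),
        "Port": row["port"],
    }


# Constructed Client Configuration rows: two entries for the same data center.
# The first host is the page's own example; the second host and both ports
# are made-up sample values.
SAMPLE_ROWS = [
    {"location": "DFW01", "host_fqdn": "122-087-074-072.vpc.armor.com", "port": 443},
    {"location": "DFW01", "host_fqdn": "198-051-100-010.vpc.armor.com", "port": 443},
]

if __name__ == "__main__":
    # Public IP noted in step 3 of the non-recovery check (constructed).
    print(client_settings(SAMPLE_ROWS, "122.87.74.72"))
```
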


Disable SSL VPN for your user 

These instructions apply to account administrators.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click SSL VPN.
  3. Click Members.
  4. In the top bar, select the desired data center.
  5. Locate and hover over the desired user.
  6. Click the trash icon that appears.
  7. Click Remove Access.


View user activity for SSL VPN

You can use these instructions to view how your users have interacted with their SSL VPN device.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click SSL VPN.
  3. Click Activity.

| Column | Description |
|---|---|
| Date | This column displays the date and time that the user interacted with their SSL VPN device. |
| User Name | This column displays the email address of the user. In some cases, you may see unknown user listed. The third-party vendor is aware of this bug. |
| Source IP Address | This column displays the user's IP address where the authentication took place. |
| Local IP Address | This column displays Armor's connection source. |



Troubleshoot SSL VPN screen

If you are unable to download and install the SSL VPN client, consider that:

  • Your account administrator has not enabled the client for your account. 
  • You do not have permission to download the client.  
    • You must have the Write SSL VPN Devices and Users, Read SSL VPN Devices and Users, and Read Virtual Data Centers permissions enabled. Contact your account administrator to enable these permissions. To learn how to update your permissions, see Roles and Permissions.

If you are concerned about your billing statement for SSL VPN devices (members), consider that: 

  • You may have members in other data centers. In the top menu, there is a drop-down menu that you can use to switch across different data center views. As a result, when you switch to a different data center view, you may see additional members.
  • If you have the same SSL VPN member in multiple data centers, you will only be billed for the one member. For example, if you have one member in DFW01 and the same member in LHR01, then you will only be billed for one member; however, if you have multiple members in a single data center location, then you will be charged for those additional members. 
    • In short, you will be billed for every unique member, regardless of how many data centers are included. 
