Removed from docs.armor.com 7.20.21 w/ new page adding Cisco AnyConnect documentation

Armor offers one free SSL VPN user per account.

To fully use this screen, you must have the following permissions assigned to your account:

  • Write SSL VPN Devices and Users
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers


Enable, Download, and Install Your SSL VPN Access (Account Administrators)


If you have created a virtual machine, then you must enable and install your SSL VPN client. 

These instructions apply to account administrators.

If you have the Continuous Server Replication (Disaster Recovery) add-on product in your account, then you must download the SSL VPN client for the appropriate live recovery environment.

  • If your primary environment is DFW01, then you should download the client for ORD01-Recovery environment.
  • If your primary environment is ORD01, then you should download the client for DFW01-Recovery environment. 



For Account Administrators only.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. Click Members.
  4. Click the plus ( + ) icon.
  5. In the field, enter and select the name of the user, or their email address.

  6. Mark the desired data center or data centers that the user can connect to.

  7. Click Submit.

    • The newly added user will appear in the table; the table is organized in alphabetical order, based on the first name of the user. 
  8. Click Client
  9. Click Download SSL VPN client
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 

      • For Windows users, the client will download as a .zip file.

        • Extract the installation files to your local hard drive.
        • Launch the installer.exe file to begin the installation. 
      • For Mac OS users, the client will download as a .tgz file.

        • Extract the installation files to your local hard drive.
        • Access the mac_phat_client folder, and then run the naclient.pkg installer. 
        • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
        • To launch the SSL VPN client, in your Applications folder, search for naclient.
  10. After installation, open the client.
    • In the drop-down menu, default will be listed. 



  11. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP. 



  12. Return to AMP, specifically to the Client section of the SSL VPN screen.
  13. Use the Client Configuration table to locate the data center and corresponding information to add to the client. 



  14. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  15. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
  16. Under Client Configuration, copy the Port information, and then paste that information into Port.
  17. Click Add.
  18. Click OK.
  19. In the drop-down menu, select the newly created connection.
  20. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 


Download and Install Your SSL VPN  (Non-Account Administrators)


These instructions apply to non-account administrators.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. Click Members.
  4. Click the plus ( + ) icon.
  5. In the field, enter and select the name of the user, or their email address.

  6. Mark the desired data center or data centers that the user can connect to.

  7. Click Submit.

    • The newly added user will appear in the table; the table is organized in alphabetical order, based on the first name of the user. 
  8. Click Client
  9. Click Download SSL VPN client
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 

      • For Windows users, the client will download as a .zip file.

        • Extract the installation files to your local hard drive.
        • Launch the installer.exe file to begin the installation. 
      • For Mac OS users, the client will download as a .tgz file.

        • Extract the installation files to your local hard drive.
        • Access the mac_phat_client folder, and then run the naclient.pkg installer. 
        • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
        • To launch the SSL VPN client, in your Applications folder, search for naclient.
        • If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS.
  10. After installation, open the client.
    • In the drop-down menu, default will be listed. 



  11. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP. 



  12. Return to AMP, specifically to the Client section of the SSL VPN screen.
  13. Use the Client Configuration table to locate the data center and corresponding information to add to the client. 



  14. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  15. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
  16. Under Client Configuration, copy the Port information, and then paste that information into Port.
  17. Click Add.
  18. Click OK.
  19. In the drop-down menu, select the newly created connection.
  20. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 


Disable SSL VPN for your user 


These instructions apply to account administrators.

To disable SSL VPN for a user, you must have the following permissions assigned to your account:

  • Write SSL VPN Devices and Users 
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. Click Members.
  4. In the top bar, select the desired data center. 
  5. Locate and hover over the desired user.
  6. Click the trash icon that appears. 
  7. Click Remove Access


View user activity for SSL VPN


You can use these instructions to view how your users have interacted with their SSL VPN device.

To view user activity for SSL VPN users, you must have the following permissions assigned to your account:

  • Write SSL VPN Devices and Users 
  • Read SSL VPN Devices and Users
  • Read Virtual Data Centers 
  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click SSL VPN.
  3. Click Activity.
Column | Description
Date | This column displays the date and time that the user interacted with their SSL VPN device.
User Name | This column displays the name of the user associated with the activity record.

SSL VPN Account Activity captures history differently than other Account Activity events because it uses NSX gateway logs as its source, not the AMP portal. Because of this, we sometimes don’t have the full context of the user attempting a particular activity. Here is how you can interpret the values you might see in the User Name column:

  • “Unknown user”: The gateway did not report the username in the logout message (for example, a premature disconnection). This is a known vendor issue with no specific resolution date. Since the username was not reported, AMP can only display “Unknown User”. This value appears only on logout events, never on login events. Using context within your SSL VPN logs, you can deduce the SSL VPN user by looking for named individuals with login events that do not have a matching logout event featuring their username/display name.

  • Email Address: The match was unsuccessful because the user mistyped their SSL VPN username, leading to a failed login.

  • Individual’s First & Last Name: The match between the SSL VPN username and the portal username was successful, so the AMP user’s display name is shown.

Source IP Address | This column displays the user's IP address where the authentication took place.
Local IP Address | This column displays Armor's connection source.


Troubleshooting

If you are concerned about your billing statement for SSL VPN devices (members), consider that: 

  • You may have members in other data centers. In the top menu, there is a drop-down menu that you can use to switch across different data center views. As a result, when you switch to a different data center view, you may see additional members.
  • If you have the same SSL VPN member in multiple data centers, you will only be billed for the one member. For example, if you have one member in DFW01 and the same member in LHR01, then you will only be billed for one member; however, if you have multiple members in a single data center location, then you will be charged for those additional members. 
    • In short, you will be billed for every unique member, regardless of how many data centers are included.


Log Search for SSL VPN


Please see the Log Search documentation for more information. 

Field | Filter by
nsx_edge.sslvpn.action | This indicates the action taken. Those listed below are the only ones of interest.

  • login success
  • session logout success
  • authentication failure

nsx_edge.sslvpn.log_level | This is the log level from the Edge Gateway
nsx_edge.sslvpn.local_ip | The IP address of the client
nsx_edge.sslvpn.timestamp | The timestamp of the action
nsx_edge.sslvpn.username | The username of the user taking the action
nsx_edge.sslvpn.virtual_ip | The IP address assigned to the user for that session
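
The deduction described earlier for "Unknown user" logouts (find named logins with no matching logout), as an added example that is not Armor's code, run over records keyed by the Log Search fields above. It assumes records exported as flat dictionaries with ISO 8601 timestamps, an empty or "Unknown user" username on unreported logouts, and that a logout record may carry the client IP; the helper names and sample records are constructed.

```python
from datetime import datetime

P = "nsx_edge.sslvpn."  # field prefix from the Log Search table
LOGIN, LOGOUT = "login success", "session logout success"  # action values from the page

def is_unknown(name):
    # Assumption: an unreported user shows up as an empty or "Unknown user" username.
    return not name or name.strip().lower() == "unknown user"

def attribute_unknown_logouts(records):
    """Return [(logout timestamp, [candidate users])]; timestamps assumed ISO 8601."""
    events = sorted(records, key=lambda r: datetime.fromisoformat(r[P + "timestamp"]))
    open_sessions, findings = [], []  # open_sessions: logins with no logout seen yet
    for ev in events:
        action, user = ev.get(P + "action"), ev.get(P + "username")
        if action == LOGIN:
            open_sessions.append(ev)
        elif action == LOGOUT and not is_unknown(user):
            # A named logout closes that user's oldest open session.
            match = next((s for s in open_sessions if s[P + "username"] == user), None)
            if match:
                open_sessions.remove(match)
        elif action == LOGOUT:
            ip = ev.get(P + "local_ip")
            # Narrow by client IP when the logout record carries one (assumption).
            same_ip = [s for s in open_sessions if ip and s.get(P + "local_ip") == ip]
            candidates = same_ip or list(open_sessions)
            if len(candidates) == 1:  # unambiguous: treat that session as closed
                open_sessions.remove(candidates[0])
            findings.append((ev[P + "timestamp"], sorted({s[P + "username"] for s in candidates})))
    return findings  # other actions, such as authentication failure, open no session

def rec(ts, action, user, ip):
    return {P + "timestamp": ts, P + "action": action, P + "username": user, P + "local_ip": ip}

# Constructed sample records (documentation IP ranges), not real gateway output.
SAMPLE = [
    rec("2021-07-01T09:00:00", LOGIN, "alice", "198.51.100.7"),
    rec("2021-07-01T09:05:00", LOGIN, "bob", "203.0.113.20"),
    rec("2021-07-01T09:10:00", "authentication failure", "carol@example.com", "192.0.2.4"),
    rec("2021-07-01T09:30:00", LOGOUT, "bob", "203.0.113.20"),
    rec("2021-07-01T10:00:00", LOGOUT, "", "198.51.100.7"),
    rec("2021-07-01T11:00:00", LOGIN, "carol", "192.0.2.4"),
    rec("2021-07-01T11:01:00", LOGIN, "dave", "192.0.2.9"),
    rec("2021-07-01T12:00:00", LOGOUT, "Unknown user", ""),
]

if __name__ == "__main__":
    print(attribute_unknown_logouts(SAMPLE))
```

A single candidate is a usable attribution; more than one means the logs alone cannot settle which user disconnected.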


