AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
SSL VPN Configuration Commands


NOTE:

The AR502G-L-D-H and AR502GR-L-D-H do not support SSL VPN.

This feature is for beta testing only and is not for commercial use. If the feature is required for testing, contact Huawei technical support personnel.

background-color

Function

The background-color command configures the background color of the virtual gateway web GUI.

The undo background-color command restores the default setting.

By default, the background color of the virtual gateway web GUI is #F6F6F6 in the RGB color model.

Format

background-color color-value

undo background-color

Parameters

| Parameter | Description | Value |
|---|---|---|
| color-value | Background color of the virtual gateway web GUI. | The RGB color model is used. The value format is #H, in which H is a 3-digit or 6-digit hexadecimal number. Each digit ranges from 0 to F. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Run the background-color command to configure the background color on the virtual gateway web GUI.

Precautions

If you run the background-color command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the RGB color model of the background color of the virtual gateway web GUI to #EE0000.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] background-color #EE0000

bind acl

Function

The bind acl command binds an ACL to the IP forwarding service.

The undo bind acl command unbinds an ACL from the IP forwarding service.

By default, no ACL is bound to the IP forwarding service.

Format

bind acl acl-number

undo bind acl

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl-number | ACL number that you want to bind to the IP forwarding service. | The value is an integer ranging from 3000 to 3999. |

Views

IP forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The SSL VPN gateway allows remote terminals to communicate with internal servers at the network layer. For example, remote terminals and internal servers implement file sharing.

Remote users are not allowed to access confidential data on the intranet. After an ACL is bound to the IP forwarding service, the SSL VPN gateway filters remote users' IP packets based on this ACL to limit the remote users' access rights. For example, if you want remote users to access only internal server 1.1.1.1, bind an ACL to the IP forwarding service to permit only the IP packets destined for 1.1.1.1 and discard other IP packets.

Prerequisites

The ACL that you want to bind to the IP forwarding service has been created.

Precaution

If you run the bind acl command multiple times in the same IP forwarding service view, only the latest configuration takes effect.

Example

# Bind an ACL to the IP forwarding service.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type ip-forwarding resource ifres1
[Huawei-sslvpn-users-if-res-ifres1] bind acl 3001

bind domain

Function

The bind domain command binds an AAA domain to a virtual gateway.

The undo bind domain command unbinds an AAA domain from a virtual gateway.

By default, no AAA domain is bound to a virtual gateway.

Format

bind domain domain-name

undo bind domain

Parameters

| Parameter | Description | Value |
|---|---|---|
| domain-name | Name of an AAA domain. | The value is the name of an existing AAA domain. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To prevent unauthorized remote users from accessing internal resources and to protect intranet security, each virtual gateway must authenticate remote users when they log in. After being bound to an AAA domain, a virtual gateway performs AAA authentication for all remote users who log in. Only authenticated remote users are allowed to access internal resources.

Prerequisites

The AAA domain that you want to bind to the virtual gateway has been created.

Precautions

The virtual gateway supports only two authentication methods: local authentication and RADIUS authentication.

If you need to modify the bound AAA domain after the basic SSL VPN functions are enabled, use the undo enable command to disable the basic SSL VPN functions first.

Example

# Bind the AAA domain admin to the virtual gateway users.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] bind domain admin

bind ip-pool

Function

The bind ip-pool command binds an IP address pool to the IP forwarding service.

The undo bind ip-pool command unbinds an IP address pool from the IP forwarding service.

By default, no IP address pool is bound to the IP forwarding service.

Format

bind ip-pool pool-name

undo bind ip-pool

Parameters

| Parameter | Description | Value |
|---|---|---|
| pool-name | IP address pool that you want to bind to the IP forwarding service. | The value is the name of an existing IP address pool. |

Views

IP forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The IP forwarding function allows remote terminals to communicate with internal servers at the network layer.

When a remote user starts the IP forwarding service, the remote host automatically downloads the client software on the web page. The client software then installs a virtual network adapter on the remote host. The client software is responsible for setting up an SSL connection between the terminal and gateway, requesting an IP address for the virtual network adapter, and creating a route with the virtual network adapter as outbound interface.

After an IP address pool is bound to the IP forwarding service, an IP address is allocated from the IP address pool to the virtual network adapter.

Prerequisites

The IP address pool that you want to bind to the IP forwarding service has been created.

Precautions

If you want to configure the rental period of an IP address pool, the rental period must be longer than the maximum online duration of the SSL VPN remote user.

If you run the bind ip-pool command multiple times in the same IP forwarding service view, only the latest configuration takes effect.

Example

# Bind the IP address pool pool1 to the IP forwarding service.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type ip-forwarding resource ifres1
[Huawei-sslvpn-users-if-res-ifres1] bind ip-pool pool1

cut user

Function

The cut user command forcibly disconnects remote users from a virtual gateway.

Format

cut user { name user-name | id user-id | all }

Parameters

| Parameter | Description | Value |
|---|---|---|
| name user-name | Specifies the name of the remote user that you want to disconnect from a virtual gateway. | The value is a string of 1 to 64 case-insensitive characters without spaces or question marks (?). |
| id user-id | Specifies the ID of the remote user that you want to disconnect from a virtual gateway. After a user goes online, the virtual gateway automatically allocates an ID for the remote user. To view the IDs of all online remote users, run the display sslvpn gateway access-user command. | The value is an integer that ranges from 0 to 9. |
| all | Disconnects all remote users from a virtual gateway. | - |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can disconnect a remote user by specifying the remote user's name or ID or disconnect all remote users from a virtual gateway. The virtual gateway still stores information about the disconnected remote users.

Follow-up Procedure

Run the display sslvpn gateway access-user command to view remote users' status.

Example

# Disconnect the user jackson from the virtual gateway.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] cut user name jackson

description

Function

The description command configures the description of a service on a virtual gateway.

The undo description command deletes the service description on a virtual gateway.

By default, the services on a virtual gateway do not have a description.

Format

description description

undo description

Parameters

| Parameter | Description | Value |
|---|---|---|
| description | Service description on a virtual gateway. | The value is a string of 1 to 80 case-sensitive characters without spaces. The string cannot contain the following characters: ? < > [ ]. |

Views

Web proxy service view, port forwarding service view, or IP forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The description command configures the service description on a virtual gateway, such as the usage or usage scenario of a service. The service description is used to differentiate services.

Precautions

If you run the description command multiple times in the same service view, only the latest configuration takes effect.

Example

# Configure the description for the port forwarding service.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type port-forwarding resource pres1
[Huawei-sslvpn-users-pf-res-pres1] description this service is used to access the ftp server

display sslvpn gateway

Function

The display sslvpn gateway command displays virtual gateway information.

Format

display sslvpn gateway [ gateway-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| gateway-name | Displays information about a specified virtual gateway. If this parameter is not specified, the system displays information about all virtual gateways. | The value is the name of an existing virtual gateway. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display information about the virtual gateway users.

<Huawei> display sslvpn gateway users
 ------------------------------------------------------------------------------
  Gateway name                :   users                                        
  Status                      :   enable                                       
  Intranet interface          :   Ethernet1/0/0                                
  Intranet IP                 :   10.1.17.1                                    
  Domain                      :   default                                      
  Max-user                    :   200                                           
  Max-onlinetime(minute)      :   120                                           
  Web-proxy resources         :   2                                             
  Port-forwarding resources   :   1                                             
  Ip-forwarding  resources    :   1                                             
  Total online users          :   15                                             
  ----------------------------------------------------------------
Table 10-41  Description of the display sslvpn gateway command output

| Item | Description |
|---|---|
| Gateway name | Virtual gateway name. To configure the virtual gateway name, run the sslvpn gateway gateway-name command. |
| Status | Status of the virtual gateway: enable or disable. To enable basic functions of a virtual gateway, run the enable command. |
| Intranet interface | Intranet interface of the virtual gateway. To configure an intranet interface of a virtual gateway, run the intranet interface interface-type interface-number command. |
| Intranet IP | IP address of the intranet interface. |
| Domain | AAA domain bound to the virtual gateway. To bind a domain to a virtual gateway, run the bind domain domain-name command. |
| Max-user | Maximum number of online remote users allowed by the virtual gateway. To set the maximum number of online remote users allowed by a virtual gateway, run the max-user number command. The maximum number of online remote users is limited by the maximum numbers of online remote users provided by the device and specified by the license. The actual maximum number of online remote users is the smallest value among the maximum numbers configured by the administrator, provided by the device, and specified by the license. |
| Max-onlinetime(minute) | Maximum online duration of a remote user allowed by the virtual gateway. To set the maximum online duration of a remote user allowed by a virtual gateway, run the max-online-time number command. |
| Web-proxy resources | Number of web proxy resources. |
| Port-forwarding resources | Number of port forwarding resources. |
| Ip-forwarding resources | Number of IP forwarding resources. |
| Total online users | Total number of online remote users. |

display sslvpn gateway access-user

Function

The display sslvpn gateway access-user command displays remote access user information on a virtual gateway.

Format

display sslvpn gateway gateway-name access-user [ user-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| gateway-name | Indicates the virtual gateway name. | The value is the name of an existing virtual gateway. |
| user-name | Displays details about the specified remote user on the virtual gateway. | The value is a string of 1 to 64 case-insensitive characters. It cannot contain a space or question mark (?). |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view information about the remote users who are online on the virtual gateway (the remote access users), run the display sslvpn gateway access-user command.

Example

# Display information about all remote access users on a virtual gateway.

<Huawei> display sslvpn gateway gate0 access-user
Total access-user number of this gateway: 1                                     
  ------------------------------------------------------------------------------
  User name                          User ID           Auth method              
  ------------------------------------------------------------------------------
  admin@domain1                      0                 LOCAL                    
  ------------------------------------------------------------------------------

# Display information about the remote user fag.

<Huawei> display sslvpn gateway gate0 access-user fag
  ------------------------------------------------------------------------------
  User name                   :   admin@domain1                                 
  User ID                     :   0                                             
  Auth Method                 :   LOCAL                                         
  Max-onlinetime(minute)      :   120                                           
  Current-onlinetime(minute)  :   25                                            
  ------------------------------------------------------------------------------
Table 10-42  Description of the display sslvpn gateway access-user command output

| Item | Description |
|---|---|
| User name | User name of the remote access user. |
| User ID | User ID of the remote access user. |
| Auth Method | Authentication method of the remote access user: LOCAL (local authentication) or RADIUS (RADIUS authentication). |
| Max-onlinetime(minute) | Maximum online duration of the remote user. To set the maximum online duration of a remote user allowed by a virtual gateway, run the max-online-time number command. |
| Current-onlinetime(minute) | Current online duration of the remote user. |


display sslvpn gateway resource

Function

The display sslvpn gateway resource command displays resource information on a virtual gateway.

Format

display sslvpn gateway gateway-name resource class { web-proxy | port-forwarding | ip-forwarding }

Parameters

| Parameter | Description | Value |
|---|---|---|
| gateway-name | Displays resource information on a virtual gateway. | The value is the name of an existing virtual gateway. |
| class web-proxy | Displays resource information of the web proxy service. | - |
| class port-forwarding | Displays resource information of the port forwarding service. | - |
| class ip-forwarding | Displays resource information of the IP forwarding service. | - |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view resource information on a virtual gateway, run the display sslvpn gateway resource command.

Example

# Display web proxy resource information on the virtual gateway users.

<Huawei> display sslvpn gateway users resource class web-proxy
The total number of resources is : 2                                            
  ------------------------------------------------------------------------------
  Resource name                   Url                          Type             
  ------------------------------------------------------------------------------
  liyue                           http://192.168.1.65/         web-proxy        
  test                            http://192.168.1.65/         web-proxy        
  ------------------------------------------------------------------------------

# Display port forwarding resource information on the virtual gateway users.

<Huawei> display sslvpn gateway users resource class port-forwarding
                                                                                
The total number of resources is : 1                                            
  ------------------------------------------------------------------------------
  Resource name                   Server              Port       Type           
  ------------------------------------------------------------------------------
  liyue                           192.168.1.65        3389       port-forwarding
  ------------------------------------------------------------------------------

# Display IP forwarding resource information on the virtual gateway users.

<Huawei> display sslvpn gateway users resource class ip-forwarding
  ------------------------------------------------------------------------------
  Resource name        :   liyue                                                
  Pool name            :   liyue                                                
  Route-mode           :   full                                                 
  Acl                  :   3001                                                    
  Type                 :   ip-forwarding                                        
  ------------------------------------------------------------------------------
Table 10-43  Description of the display sslvpn gateway resource command output

| Item | Description |
|---|---|
| The total number of resources | Number of resources on the virtual gateway. |
| Resource name | Resource name. To configure a resource name, run the service-type { web-proxy \| port-forwarding \| ip-forwarding } resource resource-name command. |
| Url | URLs in the web proxy service. To configure a URL of an internal web server, run the link url [ web-tunnel ] command. |
| Type | Resource type: web-proxy (web proxy service), port-forwarding (port forwarding service), or ip-forwarding (IP forwarding service). To configure an SSL VPN service, run the service-type { web-proxy \| port-forwarding \| ip-forwarding } resource resource-name command. |
| Server | IP address for the port forwarding service. |
| Port | Port number for the port forwarding service. To configure the IP address and port number for the port forwarding service, run the server ip-address ip-address port port-number command. |
| Pool name | IP address pool name bound to the IP forwarding service. To bind an IP address pool to the IP forwarding service, run the bind ip-pool pool-name command. |
| Route-mode | Routing mode used by the IP forwarding service: full or split. To configure a routing mode used by the IP forwarding service, run the route-mode { full \| split } command. |
| Acl | ACL number bound to the IP forwarding service. To bind an ACL to the IP forwarding service, run the bind acl acl-number command. |
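
The following Python check is an added example, not part of the Huawei reference. It parses the key : value layout of the ip-forwarding output shown above and flags IP forwarding resources that have no ACL in the 3000 to 3999 range, no IP address pool, or an unrecognized route mode. The second sample block, and the assumption that an unbound ACL appears as an empty or non-numeric Acl field, are constructed for illustration and should be checked against real device output.

```python
"""Audit 'display sslvpn gateway <gw> resource class ip-forwarding' output."""

ACL_RANGE = range(3000, 4000)      # bind acl accepts 3000 to 3999 (from the page)
ROUTE_MODES = ("full", "split")    # route-mode values listed in Table 10-43

# Constructed sample. The first block follows the layout shown on the page;
# the second block, and showing an unbound ACL as an empty Acl field, are
# assumptions made for this example.
SAMPLE = """\
  ------------------------------------------------------------------------------
  Resource name        :   liyue
  Pool name            :   liyue
  Route-mode           :   full
  Acl                  :   3001
  Type                 :   ip-forwarding
  ------------------------------------------------------------------------------
  Resource name        :   ifres1
  Pool name            :   pool1
  Route-mode           :   split
  Acl                  :
  Type                 :   ip-forwarding
  ------------------------------------------------------------------------------
"""

ISSUES = {
    "no-acl": "no ACL bound, so the gateway does not filter remote users' IP packets",
    "no-ip-pool": "no IP address pool bound to the IP forwarding service",
    "bad-route-mode": "route mode is neither full nor split",
}


def parse_blocks(text):
    """Return one dict per dashed-line block of 'key : value' lines."""
    blocks, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"-"}:               # dashed separator ends a block
            if current:
                blocks.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            current[key.strip().lower()] = value.strip()
    if current:                               # output without a closing separator
        blocks.append(current)
    return blocks


def audit_ip_forwarding(text):
    """Return (resource name, issue code) pairs for IP forwarding resources."""
    findings = []
    for block in parse_blocks(text):
        if block.get("type") != "ip-forwarding":
            continue                          # ignore other resource classes
        name = block.get("resource name", "<unnamed>")
        acl = block.get("acl", "")
        if not (acl.isdigit() and int(acl) in ACL_RANGE):
            findings.append((name, "no-acl"))
        if not block.get("pool name"):
            findings.append((name, "no-ip-pool"))
        if block.get("route-mode", "") not in ROUTE_MODES:
            findings.append((name, "bad-route-mode"))
    return findings


if __name__ == "__main__":
    for resource, code in audit_ip_forwarding(SAMPLE):
        print(f"{resource}: {ISSUES[code]}")
```

Feed the function the captured output for each virtual gateway; an empty result means every IP forwarding resource has an ACL, a pool and a known route mode.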

display sslvpn user statistics

Function

The display sslvpn user statistics command displays history statistics on remote users.

Format

display sslvpn user statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view history statistics on remote users.

Example

# Display history statistics on remote users.

<Huawei> display sslvpn user statistics
  ------------------------------------------------------------------------------
  Maximum of total online users in history        :    0                        
  Begin time of total online users                :    2013-10-18 20:22:05      
  Maximum time of total online users              :    2013-10-18 20:22:05      
  ------------------------------------------------------------------------------
Table 10-44  Description of the display sslvpn user statistics command output

| Item | Description |
|---|---|
| Maximum of total online users in history | Maximum number of total online remote users in the history. |
| Begin time of total online users | Time when collection of statistics on online remote users begins. |
| Maximum time of total online users | Time when the total number of online remote users reaches the maximum value. |

display sslvpn server port

Function

The display sslvpn server port command displays information about the listening port number used by the SSL VPN service.

Format

display sslvpn server port

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display information about the listening port number used by the SSL VPN service.

<Huawei> display sslvpn server port
  sslvpn server port : 443   (default:443)
Table 10-45  Description of the display sslvpn server port command output

| Item | Description |
|---|---|
| sslvpn server port | Listening port number used by the SSL VPN service. |
| default | Default listening port number used by the SSL VPN service. |


enable

Function

The enable command enables the basic SSL VPN functions for a virtual gateway.

The undo enable command disables the basic SSL VPN functions for a virtual gateway.

By default, the basic SSL VPN functions are disabled.

Format

enable

undo enable

Parameters

None

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To use a device as an SSL VPN gateway, you must configure and enable the basic SSL VPN functions.

Pay attention to the following points when using the basic SSL VPN functions:

  • After you configure the basic SSL VPN functions, you must use the enable command to make the function effective.
  • If you disable the basic SSL VPN functions using the undo enable command, all online users are forcibly disconnected from the virtual gateway.

Prerequisites

The configuration of the basic SSL VPN functions has been completed on the virtual gateway. The configuration of the basic SSL VPN functions includes:

  • Intranet interfaces
  • AAA domain

Example

# Enable the basic SSL VPN functions on the virtual gateway users.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] enable

intranet interface

Function

The intranet interface command configures an intranet interface for a virtual gateway.

The undo intranet interface command deletes the intranet interface from a virtual gateway.

By default, no intranet interface exists on a virtual gateway.

Format

intranet interface interface-type interface-number

undo intranet interface

Parameters

| Parameter | Description | Value |
|---|---|---|
| interface-type interface-number | Type and number of the intranet interface. | The interface-type value is a Layer 3 interface type; the interface-number value depends on the interface type and slot ID. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The intranet hosts or servers connect to the intranet interfaces of the SSL VPN gateway. When configuring a virtual gateway, the administrator needs to set the interface connecting the SSL VPN gateway to the internal server to the intranet interface of the virtual gateway. The interface enables the communication between the virtual gateway and the internal server.

Precautions

The intranet interface must be a Layer 3 interface and have an IP address.

If you need to modify the intranet interface after the basic SSL VPN functions are enabled, use the undo enable command to disable the basic SSL VPN functions first.

Example

# Configure the intranet interface for the virtual gateway users.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] intranet interface gigabitethernet 2/0/0

login-help

Function

The login-help command configures the help information on the bottom of the virtual gateway web GUI.

The undo login-help command restores the default setting.

The default help information on the bottom of the virtual gateway web GUI is Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.

Format

login-help help-info

undo login-help

Parameters

| Parameter | Description | Value |
|---|---|---|
| help-info | Help information on the bottom of the virtual gateway web GUI. | The value is a string of 1 to 200 case-sensitive characters. The string cannot contain the following characters: ? < > [ ]. NOTE: Unicode can be used to represent Chinese characters or special characters. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

An enterprise may want to display the enterprise address and phone number to customers. To meet this requirement, the administrator can display the information as the help information on the bottom of the virtual gateway web GUI.

Precautions

If you run the login-help command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the help information on the bottom of the virtual gateway web GUI to Tel:123456.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] login-help Tel:123456

login-message

Function

The login-message command configures the greeting on the virtual gateway web GUI.

The undo login-message command restores the default setting.

The default greeting on the virtual gateway web GUI is Welcome to login:.

Format

login-message welcome-info

undo login-message

Parameters

| Parameter | Description | Value |
|---|---|---|
| welcome-info | Greeting on the virtual gateway web GUI. | The value is a string of 1 to 128 case-sensitive characters. The string cannot contain the following characters: ? < > [ ]. NOTE: Unicode can be used to represent Chinese characters or special characters. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

An enterprise may require the virtual gateway web GUI to display specified greetings for specified customers or holidays. Run the login-message command to configure the greeting on the virtual gateway web GUI.

Precautions

If you run the login-message command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the greeting on the virtual gateway web GUI to Welcome.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] login-message Welcome

# Set the greeting on the virtual gateway web GUI to Welcome. (Unicode is used to represent the Chinese characters.)

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] login-message %u6B22%u8FCE%u8BBF%u95EE%u672C%u516C%u53F8

login-photo

Function

The login-photo command configures the background picture in the login dialog box of the virtual gateway web GUI.

The undo login-photo command deletes the configured background picture from the login dialog box of the virtual gateway web GUI.

By default, the background picture in the login dialog box of the virtual gateway web GUI is light gray.

Format

login-photo login-photo-file

undo login-photo

Parameters

| Parameter | Description | Value |
|---|---|---|
| login-photo-file | Background picture in the login dialog box of the virtual gateway web GUI. NOTE: The background picture must be a GIF file of a maximum of 6 KB. | The value is a string of 1 to 64 characters in the format of [path] [file-name]. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Run the login-photo command to change the background picture in the login dialog box of the virtual gateway web GUI.

Precautions

  • The recommended picture size is 35 x 35 pixels.

  • If you run the login-photo command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the background picture in the login dialog box of the virtual gateway web GUI to Login.gif.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] login-photo flash:/Login.gif

logo

Function

The logo command configures the enterprise logo on the enterprise gateway web GUI.

The undo logo command deletes the configured enterprise logo from the enterprise gateway web GUI.

Format

logo logo-file

undo logo

Parameters

| Parameter | Description | Value |
|---|---|---|
| logo-file | File name of the enterprise logo on the enterprise gateway web GUI. NOTE: The enterprise logo must be a GIF file of a maximum of 6 KB. | The value is a string of 1 to 64 characters in the format of [path] [file-name]. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Generally, enterprises have their own logos. If an enterprise requires the virtual gateway web GUI to display the enterprise logo, run the logo command to configure the enterprise logo on the enterprise gateway web GUI.

Precautions

  • The recommended picture size is 50 x 50 pixels.

  • If you run the logo command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the enterprise logo on the enterprise gateway web GUI to iHappy.gif.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] logo flash:/iHappy.gif

max-online-time

Function

The max-online-time command configures the maximum online duration of a remote user allowed by the virtual gateway.

The undo max-online-time command restores the default duration.

By default, the maximum online duration of remote users allowed by a virtual gateway is 120 minutes.

Format

max-online-time number

undo max-online-time

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| number | Maximum online duration of a remote user allowed by the virtual gateway. | The value is an integer ranging from 5 to 480, in minutes. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an online remote user does not use services for a long time, the remote user still occupies resources. To avoid a waste of resources, configure the maximum online duration for remote users. A remote user whose online duration exceeds the limit is logged off forcibly. The virtual gateway still stores information about the disconnected remote users.

Follow-up Procedure

Run the display sslvpn gateway access-user command to view the maximum online duration of remote users.

Example

# Set the maximum online duration of a remote user allowed by the virtual gateway to 200 minutes.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] max-online-time 200

max-user

Function

The max-user command configures the maximum number of online users allowed by the virtual gateway.

The undo max-user command restores the default value.

By default, the maximum number of online users allowed by the virtual gateway is 10.

Format

max-user number

undo max-user

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| number | Maximum number of online users allowed by the virtual gateway. | The value is an integer that ranges from 0 to 10. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The max-user command limits the number of online remote users. When the number of online remote users on the virtual gateway reaches the limit, no more remote users can log in.

Precautions

When you configure the maximum number of online remote users for multiple virtual gateways, the sum of the maximum numbers cannot exceed the maximum number supported by the device or the maximum number specified by the license.

Example

# Set the maximum number of online users on the virtual gateway users to 10.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] max-user 10

organization

Function

The organization command configures the enterprise name on the enterprise gateway web GUI.

The undo organization command restores the default setting.

The default enterprise name on the virtual gateway web GUI is SSL VPN.

Format

organization organization-name

undo organization

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| organization-name | Enterprise name on the enterprise gateway web GUI. | The value is a string of 1 to 200 case-sensitive characters. The string cannot contain the following characters: ? < > [ ]. NOTE: Unicode can be used to represent Chinese characters or special characters. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Generally, enterprises have their own names. If an enterprise requires the virtual gateway web GUI to display the enterprise name, run the organization command to configure the enterprise name on the enterprise gateway web GUI.

Precautions

If you run the organization command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the enterprise name on the enterprise gateway web GUI to iHappy.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] organization iHappy

reset sslvpn user statistics

Function

The reset sslvpn user statistics command clears history statistics on remote users.

Format

reset sslvpn user statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run this command to clear history statistics on remote users.

Statistics cannot be restored after being cleared. Therefore, confirm the action before you run the command.

Example

# Clear history statistics on remote users.

<Huawei> reset sslvpn user statistics

route-mode

Function

The route-mode command configures a routing mode for the IP forwarding service.

The undo route-mode command restores the default routing mode.

By default, the routing mode is full.

Format

route-mode { full | split }

undo route-mode

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| full | Sets the routing mode to full. | - |
| split | Sets the routing mode to split. | - |

Views

IP forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The SSL VPN gateway allows remote terminals to communicate with internal servers at the network layer. For example, remote terminals and internal servers implement file sharing.

The IP forwarding service can be implemented in the following modes:

  • Full routing mode

    The SSL VPN gateway adds a default route with the next hop address as the virtual network adapter's IP address (intranet IP address allocated to the virtual network adapter by the SSL VPN gateway) to the routing table of a remote terminal. The remote terminal can communicate with servers on the specified network segment through the SSL VPN gateway.

  • Split routing mode

    The SSL VPN gateway adds the route in split mode to the routing table of a remote terminal. The remote terminal can communicate with only servers on the specified internal network segment. This mode provides fine-grained control over the internal servers that remote terminals can communicate with.

Precaution

If you run the route-mode command multiple times in the same IP forwarding service view, only the latest configuration takes effect.

Follow-up Procedure

If you choose the Split mode, you must use the route-split command to specify the network segment that users can access.

Example

# Set the routing mode to Split.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type ip-forwarding resource ifres1
[Huawei-sslvpn-users-if-res-ifres1] route-mode split

route-split

Function

The route-split command specifies the accessible network segment for remote users when the split routing mode is used.

The undo route-split command cancels the configuration.

By default, no accessible network segment is specified.

Format

route-split ip address ip-address mask { mask-length | mask }

undo route-split ip address ip-address mask { mask-length | mask }

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip address ip-address | Specifies the destination IP address of the route to the internal network segment. This is a private IP address. | The value is in dotted decimal notation. |
| mask mask-length | Specifies the mask length of the route to the internal network segment. | The value is an integer ranging from 1 to 32. |
| mask mask | Specifies the mask of the route to the internal network segment. | The value is in dotted decimal notation. |

Views

IP forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The SSL VPN gateway allows remote terminals to communicate with internal servers at the network layer. For example, remote terminals and internal servers implement file sharing.

The IP forwarding service can be implemented in full routing mode and split routing mode. In split routing mode, the SSL VPN gateway adds the route in split mode to the routing table of a remote terminal. The remote terminal can communicate with only servers on the specified internal network segment. This mode provides fine-grained control over the internal servers that remote terminals can communicate with.

The route-split command limits the network segment that users can access by specifying the route destination IP address and mask.

Prerequisites

The route-mode command has been executed to set the routing mode to Split.

Precautions

A maximum of 10 user routes in Split routing mode can be configured in the same IP forwarding service view.

Example

# Specify the network segment that users can access.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type ip-forwarding resource ifres1
[Huawei-sslvpn-users-if-res-ifres1] route-mode split
[Huawei-sslvpn-users-if-res-ifres1] route-split ip address 1.1.1.0 mask 24
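
The following is an added example, not Huawei's code: a small Python audit of IP forwarding services that checks the route-mode and route-split constraints stated above (split mode needs a route-split entry, at most 10 routes, mask length 1 to 32, private destination). It assumes the configuration is available as text in the command syntax shown on this page and that resource names contain no spaces; the sample configuration, resource names, addresses and finding codes are constructed.

```python
import ipaddress
import re

MAX_SPLIT_ROUTES = 10  # limit per IP forwarding service view, per this page

# Constructed sample input; resource names and addresses are made up.
SAMPLE_CONFIG = """\
sslvpn gateway users
 service-type ip-forwarding resource ifres1
  route-mode split
  route-split ip address 10.10.20.0 mask 24
  route-split ip address 8.8.8.0 mask 255.255.255.0
 service-type ip-forwarding resource ifres2
  route-mode split
 service-type ip-forwarding resource ifres3
"""

SERVICE = re.compile(r"service-type ip-forwarding resource (\S+)$")
ROUTE_SPLIT = re.compile(r"route-split ip address (\S+) mask (\S+)$")


def parse_ip_forwarding(config):
    """Map each IP forwarding resource to its routing mode and split routes."""
    services, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        service = SERVICE.match(line)
        route = ROUTE_SPLIT.match(line)
        if service:
            # The routing mode is full until a route-mode line says otherwise.
            current = services.setdefault(service.group(1), {"mode": "full", "routes": []})
        elif line.startswith(("service-type ", "sslvpn gateway ")):
            current = None  # left the IP forwarding service view
        elif current is not None and line.startswith("route-mode "):
            current["mode"] = line.split()[1]
        elif current is not None and route:
            # ip_network accepts both the mask-length and dotted-decimal forms.
            net = ipaddress.ip_network("/".join(route.groups()), strict=False)
            current["routes"].append(net)
    return services


def audit(config):
    """Return (resource, code, detail) findings for IP forwarding services."""
    findings = []
    for name, svc in parse_ip_forwarding(config).items():
        if svc["mode"] == "full":
            findings.append((name, "FULL_MODE", "default route via the gateway"))
            continue
        if not svc["routes"]:
            findings.append((name, "SPLIT_NO_ROUTES", "no accessible segment set"))
        if len(svc["routes"]) > MAX_SPLIT_ROUTES:
            findings.append((name, "TOO_MANY_ROUTES", str(len(svc["routes"]))))
        for net in svc["routes"]:
            if net.prefixlen < 1:
                findings.append((name, "BAD_MASK_LEN", str(net)))
            elif not net.is_private:
                findings.append((name, "NON_PRIVATE_DEST", str(net)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```
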

server ip-address

Function

The server ip-address command configures the IP address and port number for the port forwarding service.

The undo server ip-address command deletes the IP address and port number for the port forwarding service.

By default, no IP address or port number is configured for the port forwarding service.

Format

server ip-address ip-address port port-number

undo server ip-address

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | IP address for the port forwarding service. | The value is in dotted decimal notation. |
| port port-number | Port number for the port forwarding service. | The value is an integer ranging from 1 to 65535. |

Views

Port forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The port forwarding function allows applications to access internal servers using TCP. Remote users can access the TCP-based services on the internal network. The typical port forwarding services include Telnet login, desktop sharing, and mailing. The IP address and port number of the internal application server must be specified so that remote users can access the application server.

Precautions

The IP address and port number specified in a command must match.

If you run the server ip-address command with different IP addresses and port numbers multiple times in the same port forwarding service view, only the latest configuration takes effect.

Example

# Specify the IP address and port number for the port forwarding service.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type port-forwarding resource wpres1
[Huawei-sslvpn-users-pf-res-wpres1] server ip-address 1.1.1.1 port 23

server name

Function

The server name command configures the domain name and port number for the port forwarding service.

The undo server name command deletes the domain name and port number for the port forwarding service.

By default, the domain name and port number are not configured for the port forwarding service.

Format

server name name port port-number

undo server name

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| name | Domain name for the port forwarding service. | The value is a string of 1 to 200 case-insensitive characters without spaces. The string cannot contain the following characters: ? < > [ ]. |
| port port-number | Port number for the port forwarding service. | The value is an integer ranging from 1 to 65535. |

Views

Port forwarding service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The port forwarding function allows applications to access internal servers using TCP. Users can access the TCP-based services on the internal network. The typical port forwarding services include Telnet login, desktop sharing, and mailing.

A domain name is easier to remember than an IP address. When configuring the port forwarding service, the administrator can specify the domain name and port number of the internal server that can be accessed.

Prerequisites

The SSL VPN gateway has been configured as the DNS client.

Precautions

When you run this command to configure the domain name and port number for the port forwarding service, the domain name and port number must correspond to each other.

If you run the server name command with different values of the name or port-number parameter multiple times in the same port forwarding service view, only the latest configuration takes effect.

Example

# Configure the domain name and port number for the port forwarding service.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type port-forwarding resource wpres1
[Huawei-sslvpn-users-pf-res-wpres1] server name www.iHappy.com.cn port 23

service-type resource

Function

The service-type resource command creates a service on the virtual gateway and enters the service view or enters an existing service view.

The undo service-type resource command deletes a service from the virtual gateway.

By default, no service exists on a virtual gateway.

Format

service-type { web-proxy | port-forwarding | ip-forwarding } resource resource-name

undo service-type { web-proxy | port-forwarding | ip-forwarding } resource resource-name

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| web-proxy | Indicates a web proxy service. | - |
| port-forwarding | Indicates a port forwarding service. | - |
| ip-forwarding | Indicates an IP forwarding service. | - |
| resource-name | Indicates the service name. | The value is a string of 1 to 31 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

The device supports three service types as an SSL VPN gateway: web proxy, port forwarding, and IP forwarding.

The services on the SSL VPN gateway are created and configured in the virtual gateway view.

Example

# Create the web proxy service wpres1 and enter its view.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] service-type web-proxy resource wpres1
[Huawei-sslvpn-users-wp-res-wpres1] 

sslvpn gateway

Function

The sslvpn gateway command creates a virtual gateway and enters its view or enters an existing virtual gateway view.

The undo sslvpn gateway command deletes a virtual gateway.

By default, no virtual gateway exists.

Format

sslvpn gateway gateway-name

undo sslvpn gateway gateway-name

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| gateway-name | Indicates the virtual gateway name. | The value is a string of 1 to 31 case-sensitive characters without spaces. The string cannot contain the following characters: ? < > [ ]. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Based on the HTTPS protocol, SSL VPN uses the data encryption, user identity authentication, and message integrity check mechanisms of the SSL protocol to ensure secure remote access to enterprises' intranets.

An SSL VPN gateway can function as multiple virtual gateways, and the administrator manages users and configures services for each virtual gateway. To deploy the SSL VPN function on a device, the administrator creates multiple virtual gateways on the device, configures the basic SSL VPN functions, SSL VPN services, and personalized web GUI, and manages SSL VPN users on each virtual gateway.

Precautions

Only 1 virtual gateway can be created on a device.

Example

# Create the virtual gateway users.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] 

sslvpn server port

Function

The sslvpn server port command configures the listening port number of the SSL VPN service.

The undo sslvpn server port command restores the default setting.

The default listening port number of the SSL VPN service is 443.

Format

sslvpn server port port

undo sslvpn server port

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| port | Listening port number of the SSL VPN service. | The value is an integer that can be 443 or range from 1025 to 51200. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The default listening port number of the SSL VPN service is 443. When port 443 is used by another service, such as web-based network management service, run the sslvpn server port command to configure another listening port number for the SSL VPN service.

Precautions

  • Before configuring the listening port number of the SSL VPN service, the administrator must ensure that all virtual gateways on the SSL VPN gateway are disabled. To disable a virtual gateway, run the undo enable command in the virtual gateway view.

  • After the administrator changes the listening port number, users must enter the URL containing the new port number to log in to the SSL VPN gateway.

    For example, the URL of the SSL VPN gateway is https://1.1.1.1/gateway1. When the listening port number is changed to 1025, remote users must enter the URL https://1.1.1.1:1025/gateway1.

Example

# Set the listening port number of the SSL VPN service to 1025.

<Huawei> system-view
[Huawei] sslvpn server port 1025

table-color

Function

The table-color command configures the table header color of the virtual gateway web GUI.

The undo table-color command restores the default setting.

The RGB color model of the default table header color on the virtual gateway web GUI is #CDCDCD.

Format

table-color color-value

undo table-color

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| color-value | Table header color of the virtual gateway web GUI. | The RGB color model is used. The value format is #H, in which H is a 3-digit or 6-digit hexadecimal number. Each digit ranges from 0 to F. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Run the table-color command to configure the table header color on the virtual gateway web GUI.

Precautions

If you run the table-color command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the RGB color model of the table header color of the virtual gateway web GUI to #00EEFF.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] table-color #00EEFF

text-color

Function

The text-color command configures the text color of the virtual gateway web GUI.

The undo text-color command restores the default setting.

The RGB color model of the default text color on the virtual gateway web GUI is #333333.

Format

text-color color-value

undo text-color

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| color-value | Text color of the virtual gateway web GUI. | The RGB color model is used. The value format is #H, in which H is a 3-digit or 6-digit hexadecimal number. Each digit ranges from 0 to F. |

Views

Virtual gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports personalized GUI elements. Enterprise users can customize elements on the web GUI of a virtual gateway to meet diversified enterprise requirements.

Run the text-color command to configure the text color on the virtual gateway web GUI.

Precautions

If you run the text-color command multiple times in the same virtual gateway view, only the latest configuration takes effect.

Example

# Set the RGB color model of the text color of the virtual gateway web GUI to #00EEFF.

<Huawei> system-view
[Huawei] sslvpn gateway users
[Huawei-sslvpn-users] text-color #00EEFF
Updated: 2019-05-29

Document ID: EDOC1000097293
