|
Certificates of remote peers
This is a list of all certificates of individual remote peers.
To add a new remote peer certificate, click Add new. The following pages will allow you to specify a name for the remote peer certificate and upload the certificate file. This certificate can be selected in the Certificates field on the VPN page.
Certificate Authorities
This is a list of all CA certificates.
To add a new Certificate Authority certificate, click Add new. The following pages will allow you to specify a name for the CA certificate and upload the certificate file. This certificate can be selected in the Certificates field on the VPN page.
Note: If the uploaded certificate is a CA certificate, it will automatically be placed in the Certificate Authorities list, even if Add New was clicked in the Remote Peers list. Similiarly, a non-CA certificate will be placed in the Remote Peers list even if Add New was clicked from the Certificate Authorities list.
Identities
This is a list of all the configured Identity lists. An Identity list can be used on the VPN page to limit inbound VPN access from this list of known identities.
Normally, a VPN tunnel is established if the certificate of the remote peer is present in the Certificates field in the VPN section, or if the remote peer's certificate is signed by a CA whose certificate is present in the Certificates field in the VPN section. However, in some cases it might be necessary to limit who can establish a VPN tunnel even among peers signed by the same CA.
The Identity list can be selected in the Identity List field on the VPN page.
If an Identity List is configured, the firewall will match the identity of the connecting remote peer against the Identity List, and only allow it to open the VPN tunnel if it matches the contents of the list.
If no Identity List is used, no identity matching is done.
|
Вход
Регистрация
FAQ
Поиск
