
Overview

Fredonia provides Virtual Private Network ("VPN") Services for employees to remotely and securely perform their work-related duties as necessary in accordance with applicable policies and regulations. The VPN Services are designed to minimize Fredonia's potential exposure to damages that may result from unauthorized use of Fredonia resources. Damages include the loss of sensitive or University confidential data, intellectual property, damage to public image, damage to critical Fredonia internal systems, etc.

Fredonia allows remote access when there is a clear, documented business need.  Access may be allowed from State-issued or personally-owned devices, at the discretion of the Fredonia Information Security Office or the Chief Information Officer and in accordance with the standards below. Such access must be limited to only those systems necessary for needed business functions using the “Principle of Least Privilege.”

Approved Virtual Private Networking (Tunneling) Services include the following: 

Two VPN remote access methods are available. Both provide the following services: HTTP/HTTPS, VNC, RDP, and SSH.

  1. General (Web) - The SSL VPN portal enables remote users to access internal network resources through a secure channel using a web browser. This access method is for the typical user with standard remote access needs. These services are delivered within compatible browsers and use HTML5 features. Available TCP ports include: 80, 443, 3389, 5900 and 22.

  2. Advanced (Client) - The Fredonia SSL VPN Client enables remote users to access internal network resources through a secure tunnel delivered by the Fortinet Client. This method is designed for more advanced remote access needs, which will be assessed on a case-by-case basis based on business need and risk. Available TCP ports include: 80, 443, 3389, 5900 and 22.

Getting started with the Fredonia VPN Web Service:

  1. To get access to the Fredonia VPN Services, please submit a FredQuest ticket.
  2. Submit a Fredonia VPN Service Application. (Enter URL)

NOTE: Other operating systems and web browsers may function correctly, but are not supported by Fredonia.



To log into the secure Fredonia VPN Web Service:

1. Using the web browser on your computer, browse to the URL https://vpn.fredonia.edu


2. When you are prompted for your EServices I.D. and password:

  • In the  field, type your EServices I.D.
  • In the Password field, type your password.

3. Select Login.
The Fredonia Web VPN will redirect your web browser to the Fredonia SSL VPN web portal home page automatically.

Fredonia Web VPN Portal Overview:
After logging in to the web portal, the remote user is presented with a web portal page similar to the following:

Various widgets provide the web portal’s features:

  • Session Information displays the elapsed time since login and the volume of HTTP and HTTPS traffic, both inbound and outbound.
  • Quick Connection enables you to connect to network resources without using or creating a bookmark.
  • Download FortiClient provides access to the Advanced SSL VPN tunnel application for various operating systems. NOTE: Only Fredonia SSL VPN users with authorization can utilize the client.
  • Bookmarks provides links to network resources. You can use the administrator-defined bookmarks and you can add your own bookmarks.
  • While using the web portal, you can select the Help button to get information to assist you in using the portal features. This information displays in a separate browser window.
  • When you have finished using the web portal, select the Logout button in the top right corner of the portal window.
  • After making any changes to the web portal configuration, be sure to select Apply.


The Quick Connection Tool widget enables a user to connect to a resource when it isn’t a predefined bookmark:

You can connect to any type of host without adding a bookmark to the Bookmarks list. The fields in the Quick
Connection Tool enable you to specify the type of server and the URL or IP address of the host computer.
See the following procedures:

To connect to a web server:

1. In Type, select HTTP/HTTPS.
2. In the Host field, type the URL of the web server.
For example: http://www.mywebexample.com or https://172.20.120.101
3. Select Launch.
4. To end the session, close the browser window.

To start an SSH session:

1. In Type, select SSH.
2. In the Host field, type the IP address of the SSH host.
For example: 10.11.101.12
3. Select Launch.
A login window opens.
4. Select Connect.
An SSH session starts and you are prompted to log in to the remote host. You must have a user account to log in.
After you log in, you may enter any series of valid commands at the system prompt.
5. To end the session, select Disconnect (or type exit) and then close the SSH connection window.

To start an RDP session:

1. In Type, select RDP.
2. In the Host field, type the IP address of the RDP host.
For example: 10.11.101.12
3. Optionally, you can specify additional options for RDP by adding them to the Host field following the host
address. See RDP options on page 57 for information about the available options.
For example, to use a French language keyboard layout you would add the -m parameter:
10.11.101.12 -m fr
4. To log in to the remote host, type your user name and password. You must have a user account on the remote
host to log in. Note that the user name should be entered in User Principal Name (UPN) format.
5. Select Launch.
A login window opens.
6. When you see a screen configuration dialog, click OK.
The screen configuration dialog does not appear if you specified the screen resolution with the host address.
7. Select Login.
If you need to send Ctrl-Alt-Delete in your session, use Ctrl-Alt-End.
8. To end the RDP session, log out of Windows or select Cancel from the Logon window.

NOTE: Some Windows servers require a specific security setting for RDP sessions, such as Network Level Authentication (NLA) or Transport Layer Security (TLS), rather than the standard RDP encryption security. For example, Windows 10 requires the use of TLS.

To start a VNC session:

1. In Type, select VNC.
2. In the Host field, type the IP address of the VNC host.
For example: 10.11.101.12
3. Select Launch.
A login window opens.
4. Type your user name and password when prompted to log in to the remote host.
You must have a user account on the remote host to log in.
5. Select OK.
If you need to send Ctrl-Alt-Delete in your session, press F8, then select Send Ctrl-Alt-Delete from the pop-up
menu.
6. To end the VNC session, close the VNC window.

Adding bookmarks:

A web bookmark can include login credentials to automatically log the SSL VPN user into the website. When the
administrator configures bookmarks, the website credentials must be the same as the user’s SSL VPN
credentials. Users configuring their own bookmarks can specify alternative credentials for the website.

To add a bookmark - web-based manager:
1. On the VPN > SSL-VPN Portals page, ensure Enable User Bookmarks is enabled.
2. Select Create New and enter the following information:

  • Category: Select a category, or group, to include the bookmark. If this is the first bookmark added, you will be prompted to add a category. Otherwise, select Create from the drop-down list.
  • Name: Enter a name for the bookmark.
  • Type: Select the type of link from the drop-down list. NOTE: VNC and RDP require a browser plugin.

Support:

If you have any questions or need further assistance, please contact the ITS Service Center by email at ITSservicecenter@fredonia.edu, through FREDquest, by phone, or by visiting the ITS Service Center office. The office is located at W203 Thompson, on the 2nd Floor. Phone: (716) 673-3407.


Short URL to this page: https://answers.fredonia.edu/x/1wCP

