The SSL VPN server requires a user credential profile consisting of the following elements:
Username and password information
A proxy session cookie
The roles assigned to the current user for authentication information
Each element added to the custom header requires a name with an “X-” prefix. The name you enter is specific to the application using the custom header, and might be case sensitive. You need to obtain this information from the application before creating the custom header. The Access Gateway injects these headers into the SSL VPN server.
The SSL VPN server requires the following three headers:
Authentication header containing the credential profile with a username and password
Custom header containing a proxy session cookie element named X-SSLVPN-PROXY-SESSION-COOKIE
Custom header containing a roles-for-current-user element named X-SSLVPN-ROLE
You can configure Access Gateway to inject the client IP address as a custom header along with the other three headers. This custom header should be named X-SSLVPN-CLIENTIP. This enables logging of the client IP address for SSL VPN.
NOTE: This is an optional configuration and is not enabled by default. If it is not enabled, the SSL VPN server reports it to the Audit server as a connection accepted from Unknown Host.
To add this header to the SSL VPN policy:
In the Administration Console, click > .
(Conditional) If you have not created the SSL VPN default policy, click . Then click .
In the list of policies, click > 1.
In the section, click , then select .
Fill in the following values:
Custom Header Name: Specify .
Value: Select .
Click twice.
Click .
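The header set described above can be checked on the receiving side before a policy change goes live. The following is an added example, not code from the product or its documentation. It assumes the page's authentication header arrives as HTTP `Authorization: Basic`; the function name `check_injected_headers` is hypothetical and the sample values are constructed.

```python
import base64
import binascii
import ipaddress

# Header names come from the page. Treating the page's "Authentication header"
# as HTTP "Authorization: Basic" is an assumption of this example.
REQUIRED = ("Authorization", "X-SSLVPN-PROXY-SESSION-COOKIE", "X-SSLVPN-ROLE")
CLIENT_IP = "X-SSLVPN-CLIENTIP"
# Constructed sample request (not captured traffic).
SAMPLE = [
    ("Authorization", "Basic " + base64.b64encode(b"alice:example-pw").decode()),
    ("X-SSLVPN-PROXY-SESSION-COOKIE", "constructed-cookie"),
    ("X-SSLVPN-ROLE", "employee"),
]


def check_injected_headers(headers):
    """Return (problems, audit_host) for a list of (name, value) pairs."""
    problems, seen = [], {}
    for name, value in headers:
        seen.setdefault(name, []).append(value)
    # Exact-case match: the page warns the consuming application may be
    # case sensitive about custom header names.
    for name in REQUIRED:
        if name not in seen:
            problems.append(f"missing {name}")
    for name, values in seen.items():
        # More than one copy is ambiguous for the receiving server.
        if name in REQUIRED + (CLIENT_IP,) and len(values) > 1:
            problems.append(f"duplicate {name}")
    for value in seen.get("Authorization", [])[:1]:
        scheme, _, blob = value.partition(" ")
        try:
            decoded = base64.b64decode(blob, validate=True).decode()
        except (binascii.Error, UnicodeDecodeError):
            decoded = ""
        user, sep, _password = decoded.partition(":")
        if scheme != "Basic" or not sep or not user:
            problems.append("Authorization is not a Basic username:password pair")
    audit_host = "Unknown Host"  # what the page says is logged without the header
    ips = seen.get(CLIENT_IP, [])
    if len(ips) == 1:
        try:
            audit_host = str(ipaddress.ip_address(ips[0].strip()))
        except ValueError:
            problems.append(f"{CLIENT_IP} is not an IP address")
    return problems, audit_host
```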