functionality, basic setup and nuances

Let's move on to the settings of the final machine. Let us remind you that we have two of them in our scheme: on one UserGate Client will work in NGFW mode, on the other – in Management Center mode. The first is called UG-Cl-1, the second – UG-Cl-2.

Let's start with UG-Cl-1. We have previously transferred the UserGate Client distribution and client certificates here, which were added to the local storage:

Nuance. To install UserGate Client we had to put the machine into test mode. This must be done so that the driver signature check on the OS does not start. Without such manipulation, the current version of UserGate Client will not work yet.

We launch the installation from the distribution kit. During the process, a window like this appears:

We are required to enter an IP address or domain name that will lead to the Management Center. And there is also a certain Device code – a personal device code, which we’ll talk about a little later.

Since we are connecting the machine in NGFW mode, a connection with the Management Center is not needed – click Cancel. Next, the installation will finish, after which you will need to reboot the machine.

After loading the operating system, we see that a new application icon has appeared:

Next, we check all network parameters:

What IPv4 addressing do we get on our client? We see – 192.168.0.111 from the Untrusted zone. Our main gateway is the operator, and the DNS server is specified – and this is the external interface of UserGate (192.168.0.254).

This may not be the correct setting. But we did this on purpose, because the nubes.lab domain is not public. And in order not to make crutches with host files and not create third-party DNS servers, we made do with NGFW. It is the firewall that will resolve names according to the parameters that are configured in it with the participation of Active Directory.

So, the VPN client is installed. This means we can connect. In the VPN server field we enter its domain name – vpn.nubes.lab. We leave the Passphrase field empty. It must be used if we need a connection via the L2TP\IPsec protocol.

Next, click Connect and select the authentication method that we will use when connecting. As you remember, there are two options: login/password or certificate (our case).

Next we see the same certificates that already exist. At this step we can change them if necessary. We are waiting for the connection itself. Here it is:

The connection was established, we were given a tunnel address from the VPN network pool.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *