Remote Access Portal

From UntangleWiki

Jump to: navigation, search

Untangle Server User's Guide

Please Note: Most of the features discussed in this User Guide are available in the Open Source version of the Untangle Server software; however, some features are only available in the Professional Package. For a current listing of features and pricing, have a look at the Untangle Price List.

Remote Access Portal is currently only available in the Professional Package.

Contents

[edit]

About Remote Access Portal

The Remote Access Portal provides a web portal for end-users to easily access internal network resources (if you're an Administrator, consider using PC Remote instead):

  • Web servers (Intranet)
  • Web mail
  • File servers (network shares)
  • Desktops
  • Quarantined email

The Remote Access Portal is a client-less SSL VPN that provides a secure remote access from anywhere to a company's intranet through a regular web browser. Remote Access Portal is a great choice for remote access to desktops, web-based applications including email, and file sharing.

The portal home page is divided into two sections as shown in Figure, Example Portal Home Page:

  • Bookmarks. Shows users bookmarks to resources.
  • Applications. Shows a list of applications available to users. Portal Applications are web applications available to portal users. Currently, Network File Browser is the only available application.

When bookmark management is enabled, users can add and delete their own bookmarks using the plus and minus buttons. The maximize window button, enables users to increase the size of the current application. The home button returns the user to the home page, and the logout button, logs the user out of the portal.

Figure, Example Portal Home Page
Figure, Example Portal Home Page

Top

[edit]

Setting Up Remote Access Portal

Remote Access Portal offers many features to customize portals. However, in under 5 minutes you can set up a basic portal that enables all employees to access network resources.

Before You Begin:
Glance at the example outlined in Creating a Remote Access Portal for Angelic Resumes, Inc.

Task Go to
1. (Optional) Map your Untangle Server's public IP address to a domain name.

Enables portal users can access the Remote Access Portal using the Untangle Server's domain name, rather than the IP address.

Configuring Untangle Server To Use Dynamic DNS
2. Install and turn on the Remote Access Portal. Installing Software Products Downloaded from the Library
3. Enable remote access to the Untangle Server. Enabling Remote Access To Untangle Server
4. If your Untangle Server does not have a public IP address, port forward from a public IP. Redirecting External and Internal Traffic
5. Install a certificate so that users do not encounter certificate warnings when they connect to the Remote Access Portal. About Digital Certificates
6. Ensure that each portal user has an account on the Local LDAP Server or on the Active Directory server. About User Access and Authentication
7. If you intend to create an RDP bookmark (Deciding When To Create a RDP Bookmark or VNC Bookmark) to a remote desktop, do one of the following :
  • If the remote desktop is a Windows computer, complete the preparation steps.
  • If the remote desktop is a Mac enable Remote Desktop Protocol (RDP).

Windows:
(Windows) Preparing To Create RDP Bookmarks.
Mac:
Apple RDP Tutorial. Note: For Macs, you only need to enable RDP, so only perform the initial step. Remote Access Portal does the remaining work for you.

8. If you intend to create a VNC bookmark (Deciding When To Create a RDP Bookmark or VNC Bookmark) to a remote desktop, download and install the VNC server. Preparing To Create VNC Bookmarks
9. If you intend to create a bookmark to a network share, ensure that the portal users that you want to access that network share have permissions to that share.

Otherwise, users will be denied access to that network share when they click on the network share bookmark.

Refer to your file server's operating system documentation or your NAS device's documentation.

10. (Optional) If you intend to create a portal group, create that portal group.

You need a portal group if you do not want to make all networks resources (bookmarks) available to all users.

Creating Portal Groups

11. Add portal users to the Remote Access Portal. Adding Portal Users
12. Create the portal bookmarks, and customize the portal's look-and-feel.

Creating Portal Bookmarks and Customizing Portal Home Page

13. Log on to the Remote Access Portal, and click on the bookmarks that you created to ensure that they are working properly.

Working With Remote Access Portal Home Page

Top

[edit]

(Windows) Preparing To Create RDP Bookmarks

Perform this procedure if the remote desktop is a Windows computer. If you have a Mac, go to Apple RDP Tutorial.

Note: For Macs, you only need to enable RDP, so only perform the initial step. Remote Access Portal does the remaining working for you.

The Untangle Server supports remote desktop control through Remote Desktop Protocol (RDP). RDP enables you to use any computer’s (client) mouse and keyboard to interact with another computer (host) through the Internet and in real-time. RDP enables you to transfer files between these two computers. You can also run the host’s applications on the client computer without having software installed on the client computer. Before you create desktop bookmarks using Remote Access Portal, perform the following steps:

Task Go to
1. Determine that your operating system supports RDP. Remote Desktop Protocol (RDP). Windows XP Home and Windows 98 versions do not support RDP. Windows RDP Requirements
2. Enable remote access to your Windows PC. Enabling Remote Desktop Control To Windows PC
3. If you have a Windows firewall, configure Windows Firewall to allow access. Configuring Windows Firewall To Allow Access
[edit]

Enabling Remote Access To Windows PC

Perform this procedure on the host computer. The computer at the temporary location is the client computer. The computer at the remote location is the host computer.

To enable remote desktop control:

  1. Ensure that you are signed in as Administrator.
  2. On the host computer, click Start > Control Panel, and double-click on the System icon.
  3. Click the Remote tab, select the Allow users to connect remotely to this computer check box, and click OK. The computer is now enabled to allow remote access.
[edit]

Configuring Windows Firewall To Allow Access

Perform this procedure on the host computer. Use this procedure if you intend to use Windows Firewall on the host computer. The computer at the temporary location is the client computer. The computer at the remote location is the host computer.

To set up Windows Firewall to allow exceptions:

  1. On the host computer, click Start > Control Panel, and double-click on the Security Center icon.
  2. Under Manage security settings for, click Windows Firewall.
  3. If selected, clear the Don't allow exceptions check box.
  4. Click the Exceptions tab, and select the Remote Desktop check box.
  5. Click OK, and then close the Windows Security Center window. Your host computer is now set up to allow remote access.
  6. Close the Control Panel.

Next Step:


Top

[edit]

Preparing To Create VNC Bookmarks

There are a number of VNC products on the market (for example, RealVNC). However, all essentially enable you to interact with a computer remotely. VNC is valuable if you want multiple users to interact with the same computer remotely.

Task Go to
1. Determine that your VNC product supports your operating system. RealVNC
2. Download the VNC Server on the computer that you want to log on to remotely. VNC Enterprise Edition
3. Install the VNC Server.
4. Configure the VNC Server.

Configuring VNC Server

[edit]

Configuring VNC Server

The easiest way to configure the VNC Server is to specify a password and turn off encryption. This procedure assumes that you're using RealVNC, though all VNC products are very similar.

To configure VNC Server:

  1. Launch the VNC Server service.
    Figure, Launching VNC Server Service
    Figure, Launching VNC Server Service
  2. Provide a password for authentication. Users that want to log on to the desktop that runs VNC will need to type this password.
    Figure, Configuring Password Authentication
    Figure, Configuring Password Authentication

Next Step:

[edit]

Adding Portal Users

The Remote Access Portal automatically creates on demand portal accounts for all users in the User Directory. To disable this default, clear the Create Accounts On Demand From User Directory check box in the Global Settings tab > Page Setup.

  • If the check box is selected, when a user authenticates with the User Directory but does not have a portal account, the Untangle Server automatically creates a portal account.
  • If the check box is cleared, only users with a portal account can log in, even if that user can authenticate with the User Directory.

Before You Begin:

To add a portal user:

Figure, Local Directory - Active Directory
Figure, Local Directory - Active Directory
  1. From Remote Access Portal, click the Users tab.
  2. Click on the green plus (+) button to add a new entry. A new row appears.
  3. Click on the [no user id/login] button. The Portal Question window appears.
  4. In the Select an existing user: drop-down list, select the user to whom you want to give Remote Access Portal access, then click Proceed. If you have configured both Local Directory (LDAP) and Active Directory (AD), you can identify users by the tag at the end of the user’s name:
    • (Active Directory). Represents users that authenticate using Active Directory.
    • (local). Represents users that authenticate using Local Directory.
  6. (Optional) Add the user to a group by selecting a group from the group drop-down list.
  7. Click Save Settings.
[edit]

Creating Portal Groups

Groups are a convenient and optional way to organize page settings and bookmarks for a specific group. For example, if you create an Employees group, you can edit all employees' bookmarks and page settings from a single location. You can also have more than one group. For example, an Employees group and a Contractors group, providing bookmarks to different network resources

Figure, Adding User Groups
Figure, Adding User Groups

Warning: Group page settings are overridden by individual user page settings.

To create a group:

  1. From Remote Access Portal, click Group tab.
  2. Click the plus (add) button to the left of the table. A new row appears.
  3. Specify a descriptive name for the group.
  4. Click the Save Settings button.

Top

[edit]

Creating Portal Bookmarks and Customizing Portal Home Page

Figure, Creating Bookmarks and Customizing Portal Look-and-Feel
Figure, Creating Bookmarks and Customizing Portal Look-and-Feel

You can add bookmarks to applications or customize the look-and-feel of the portal home page for any of the following:

Note: The Untangle Server applies page settings to all portal users unless overridden in the user's personal page settings or the user's group page settings.


[edit]

Deciding When To Create a RDP Bookmark or VNC Bookmark

The choice whether to create an RDP bookmark or a VNC bookmark depends on two factors:

  • Your operating system
Operating System RDP VNC
Windows 98 No Yes
Windows 2000 Yes Yes
Windows XP Home No Yes
Windows Media Center No Yes
Windows XP Professional Yes Yes
Mac Yes Yes
Linux/Unix Yes Yes
  • Whether you need collaboration or simply remote access
Operating System RDP VNC
Collaboration No Yes
Remote Access Yes Yes
[edit]

Creating Bookmarks and Customize Home Page for Specific Users

Figure, Creating Bookmarks for Specific Users
Figure, Creating Bookmarks for Specific Users

Before You Begin:

  • If you intend to create a bookmark to a remote desktop, complete the preparation steps outlined in (Windows) Preparing To Create RDP Bookmarks.
  • If you intend to create a bookmark to a network share, ensure that the portal users that you want to access that network share have permissions to that share. Otherwise, users will be denied access to that network share when they click on the network share bookmark.

To create page setting and bookmarks for a specific portal user:

  1. From Remote Access Portal, click Users tab.
  2. Scroll to the row that corresponds to the user for whom you want to create page setting sand bookmarks.
  3. In the bookmarks and page settings column for the group, click the Edit button.
  4. In the User Settings for Employee window, click the plus (add) button to the left of the table. A new row appears.
  5. Select an application from the application drop-down list, provide a descriptive name for the bookmark, and specify the destination in the target text box and any application properties:
    6. VNC bookmarks An example target is 192.168.1.10:0. The target computer must be running a VNC server.
    Network File Browser bookmarks The target is the network file share location. For example, \\myfileserver\share.
    Web Proxy The target is the URL to your company's Intranet site. For example, http://internalwebserver.mycompany.com/.
    Remote Desktop As outlined in

    Figure, Creating Bookmarks for Specific Users, specify the desired size (800x600 is common) size of popup window, view mode so that a user can view the identical desktop, or create a new desktop. The target is the IP address or host name of the desktop that that user wants to control remotely. For example, 192.168.1.10. Tip: Use the optional command text box to specify an application to run instead of logging directly into the machine. An example command is C:\test.exe. The console settings control the actual mouse and keyboard (true) or receive a virtual terminal (false).

    Figure, Desktop View Modes
    Figure, Desktop View Modes

    There are two view modes:

    • steal actual desktop. Choose this mode if you do not want anyone else to log on to this desktop when you are logged on.
    • show actual desktop. Choose this mode if you want to log on to this desktop and also want others to log on at the same time.
  6. Customize the portal home page:
    1. In the User Settings for EmployeeName window, click the Page Setup tab.
    2. Specify the home page characteristics.
  7. Click the Save Settings button.
[edit]

Creating Bookmarks and Customizing Home Page for Portal Groups

To create page setting and bookmarks for a specific portal group:

Before You Begin:

  • Create the group. Go to Creating Portal Groups.
  • If you intend to create a bookmark to a remote desktop, complete the preparation steps outlined in (Windows) Preparing To Create RDP Bookmarks.
  • If you intend to create a bookmark to a network share, ensure that the portal users that you want to access that network share have permissions to that share. Otherwise, users will be denied access to that network share when they click on the network share bookmark.
  1. From Remote Access Portal, click Group tab.
  2. Add a bookmark:
    1. Click the Bookmarks tab.
    2. Scroll to the row that corresponds to the group for whom you want to create page setting sand bookmarks.
    3. In the bookmarks and page settings column for the group, click the Edit button.
    4. In the Group Settings for GroupName window, click the plus (add) button to the left of the table. A new row appears.
    5. Select an application from the application drop-down list, provide a descriptive name for the bookmark, and specify the destination in the target text box and any application properties:
      6. VNC bookmarks An example target is 192.168.1.10:0. The target computer must be running a VNC server.
      Network File Browser bookmarks The target is the network file share location. For example, \\myfileserver\share.
      Web Proxy The target is the URL to your company's Intranet site. For example, http://internalwebserver.mycompany.com/.
      Remote Desktop Specify the desired size (800x600 is common) size of popup window, view mode so that a user can view the identical desktop, or create a new desktop. The target is the IP address or host name of the desktop that that user wants to control remotely. For example, 192.168.1.10. Tip: Use the optional command text box to specify an application to run instead of logging directly into the machine. An example command is C:\test.exe. The console settings control the actual mouse and keyboard (true) or receive a virtual terminal (false).
      Figure, Desktop View Modes
      Figure, Desktop View Modes

      There are two view modes:

      • steal actual desktop. Choose this mode if you do not want anyone else to log on to this desktop when you are logged on.
      • show actual desktop. Choose this mode if you want to log on to this desktop and also want others to log on at the same time.
  3. Customize the portal home page:
    1. In the Group Settings for GroupName window, click the Page Setup tab.
    2. Specify the home page characteristics.
  4. Click the Save Settings button.
[edit]

Creating Bookmarks and Customizing Home Page for All Users

Before You Begin:

  • If you intend to create a bookmark to a remote desktop, complete the preparation steps outlined in (Windows) Preparing to Create RDP Bookmarks.
  • If you intend to create a bookmark to a network share, ensure that the portal users that you want to access that network share have permissions to that share. Otherwise, users will be denied access to that network share when they click on the network share bookmark.

To create page setting and bookmarks for all portal users:

  1. From Remote Access Portal, click Global Settings tab.
  2. Add a bookmark:
    1. Click the plus (add) button to the left of the table. A new row appears.
    2. Click the tab that corresponds to the type of bookmark you want to create.
    3. Click the plus (add) button to the left of the table. A new row appears.
    4. Select an application from the application drop-down list, provide a descriptive name for the bookmark, and specify the destination in the target text box and any application properties:
      5. VNC bookmarks An example target is 192.168.1.10:0. The target computer must be running a VNC server.
      Network File Browser bookmarks The target is the network file share location. For example, \\myfileserver\share.
      Web Proxy The target is the URL to your company's Intranet site. For example, http://internalwebserver.mycompany.com/.
      Remote Desktop Specify the desired size (800x600 is common) size of popup window, view mode so that a user can view the identical desktop, or create a new desktop. The target is the IP address or host name of the desktop that that user wants to control remotely. For example, 192.168.1.10. Tip: Use the optional command text box to specify an application to run instead of logging directly into the machine. An example command is C:\test.exe. The console settings control the actual mouse and keyboard (true) or receive a virtual terminal (false).
      Figure, Desktop View Modes
      Figure, Desktop View Modes

      There are two view modes:

      • steal actual desktop. Choose this mode if you do not want anyone else to log on to this desktop when you are logged on.
      • show actual desktop. Choose this mode if you want to log on to this desktop and also want others to log on at the same time.
  3. Customize the portal home page:
    1. In the User Settings for GroupName window, click the Page Setup tab.
    2. Specify the home page characteristics.
  4. Click the Save Settings button.

Top

[edit]

Example: Creating a Remote Access Portal for Angelic Resumes, Inc.

The following examples represents a portal page for Angelic Resumes, Inc., a company that provides resumes services to clients throughout the San Francisco Bay Area.

Note: To enable portal users can access the Remote Access Portal using the Untangle Server's domain name, rather than the IP address, Angelic Resumes, Inc. mapped its Untangle Server's public IP address to a domain name as outlined in Configuring Untangle Server To Use Dynamic DNS.

[edit]

Example: Creating a Bookmark To a Network Share

Angelic Resumes, Inc. needs two groups: Employees and Contractors. Each group requires access to different network resources. You must define such bookmarks under Group, not User or Global as shown in Figure, Creating Bookmarks and Customizing Portal Look-and-Feel. The following example demonstrates a Remote Access Portal with the following bookmark to a network share, and a portal page with the following customizations:

  • Bookmarks. For the Contractor group, one bookmark to the Share folder on a network share named yokie.
  • Page Setup. Customized page with unique text to greet the contractors that log on to the portal. The portal has Show Application List disabled to restrict contractors from browsing the network.
Figure, Creating a Remote Access Portal for Angelic Resumes, Inc.
Figure, Creating a Remote Access Portal for Angelic Resumes, Inc.
[edit]

Example: Creating an RDP Bookmark To a Desktop

Angelic Resumes, Inc. needs all employees to have access to their individual desktops, and you must define bookmarks that are exclusive to specific users under User, not Group or Global. The following example demonstrates how to create a RDP bookmark.

Note: Desktop bookmarks can use VNC or RDP as discussed in Deciding When To Create a RDP Bookmark or VNC Bookmark.

Figure, Creating an RDP Bookmark for Angelic Resumes, Inc.
Figure, Creating an RDP Bookmark for Angelic Resumes, Inc.
[edit]

Example: Creating a VNC Bookmark To a Desktop

Asngelic Resumes, Inc. needs all employees to have access to a desktop that the company uses to provide remote training for writers. You must define bookmarks that apply to all employees under Global, not User or Group. The following example demonstrates how to create a VNC bookmark.

Note: Desktop bookmarks can use VNC or RDP as discussed in Deciding When To Create a RDP Bookmark or VNC Bookmark.

Figure, Creating a VNC Bookmark for Angelic Resumes, Inc.
Figure, Creating a VNC Bookmark for Angelic Resumes, Inc.
[edit]

Maintaining Remote Access Portals

[edit]

Enabling All Users To Create Bookmarks

Figure, Enabling All Users To Create Bookmarks.
Figure, Enabling All Users To Create Bookmarks.

The Untangle Server applies page settings to all portal users unless overridden in the user's personal page settings or the user's group page settings.

To enable all users to create bookmarks:

  1. From Remote Access Portal, click Global Settings tab.
  2. Click the Page Setup tab.
  3. In the Home Page Features pane, select the Allow User Added Bookmarks.
  4. Click the Save Settings button.

Top

[edit]

Displaying Active Portal Users

To display active portal users:

  1. From Remote Access Portal, click the Refresh button.
  2. Click the Active Users tab.
  3. Use the scroll bar to view the users that are currently logged in to the Remote Access Portal.

Tip: To log off users from the Remote Access Portal, click the logout button.

Top

[edit]

Displaying Portal Users' Historical Activity

To display historical activity:

  1. From Remote Access Portal, click the Event Log tab.
  2. Click the Refresh log button.
  3. Use the scroll bar to view the users' login events and logout events.

Top

[edit]

Setting Idle Timeout for Portal Users

For greater security, you can change the idle timeout setting. By default the Untangle Server logs off any portal user that is idle for 20 minutes or more.

To set idle timeout:

  1. From Remote Access Portal, click Global Settings tab.
  2. In the Group Settings window, click the Page Setup tab.
  3. Scroll down to the Timeout pane, change the idle timeout setting.
  4. Click the Save Settings button.

Top

[edit]

Working With Remote Access Portal Home Page

[edit]

Logging On To Remote Access Portal

To log on to Remote Access Portal:

Figure, Logging On To Remote Access Portal
Figure, Logging On To Remote Access Portal
  1. In a browser, type https://PublicAddress/portal where PublicAddress is either the public hostname or public IP address of the Untangle Server. For example, https://10.0.0.1/portal.
  2. Specify your login and password. The Remote Access Portal home page displays. If you do not have a valid login, contact your administrator.
[edit]

Logging On To RDP Client

For an example, go to Example: Creating a Bookmark To a Desktop.

To log on to a remote desktop:

  1. From Remote Access Portal home page, click the RDP bookmark. A window appears.
  2. Click the Launch Remote Desktop Client link. A Java client launches and connects to the remote computer, and the remote computer's operating system prompts you for a username and password.
  3. Type in your username and password. The remote desktop appears in a Window. From here you can access files and applications on the remote computer just as if you were in front of that remote computer.
[edit]

Logging On To VNC Client

To log on to VPNC client:

  1. From Remote Access Portal home page, click the VNC bookmark. A window appears.
  2. Click the Launch button. A Java VNC application launches.
  3. Type the VNC server's password. You are now connected to the remote computer.

Note: VNC might not present an error if there is a misconfiguration.

[edit]

Logging On To Web Proxy

To log on to Web Proxy:

  1. From Remote Access Portal home page, click the Web Proxy bookmark. A window displays the target site.
  2. Click on the maximize button in the upper right to open a new window.

Top

[edit]

About Remote Access Portal Logs

Use the following terms and definitions to understand Remote Access Portal Event Log:

timestamp The time the event took place.
action The action that was taken on the traffic. Valid values are block and pass.
client The client IP address of the traffic.
reason for action The rule that was applied to the traffic.
server The intended server IP address of the traffic.

Top

[edit]

Related Topics

[edit]

Remote Access FAQs

Retrieved from "http://wiki.untangle.com/index.php/Remote_Access_Portal"
Personal tools