By adding group-policy-based VPN group policies to your CloudGen Firewall SSL VPN resources, you can let end users self-provision the VPN clients on their Windows, macOS, or iOS devices. Users then only need to log into their desktop or mobile portal and click the provisioning link. By default, the VPN group policy uses session and user attributes for single sign-on. The downloaded file automatically configures the Barracuda VPN client or iOS VPN client, depending on the operating system. Currently, VPN files containing personal license files (*.lic) cannot be uploaded.
Before You Begin
- Configure a Client-to-Site VPN group policy. For more information, see Client-to-Site VPN.
- (macOS X and Windows only) Install the Barracuda VPN Client. For more information, see Installing the Barracuda Network Access/VPN Client for Windows.
Step 1. Export the Client-to-Site VPN Group Policy
Download the VPN group policy (*.vpn) file from the Client-to-Site configuration.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > Client-to-Site.
- Click the External CA tab.
- In the Group Policy tab, double-click on the VPN group policy. The Edit Group Policy window opens.
- Click Export to file. The Export VPN Profile window opens.
- Enter a new Description.
- Enter the IP address of the VPN Server.
- Click OK.
- Save the file.
Step 2. Create a VPN Group Policy Resource
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > SSL-VPN .
- In the left menu, select VPN Group Policy.
- Click Lock.
- Click + to add a new VPN Group Policy.
- Enter a Name and click OK. The VPN Group Policy window opens.
- Enter the Display Name.
- (optional) To restrict access to the VPN files by user group, replace the * entry in the Allowed User Groups list. Click + to add new user groups.
- Click Ex/Import and select Import from File.
- Select the VPN group policy file you exported in step 1.
- (SSO only) Enter a session or user attribute for the Username and Password. For more information, see How to Use and Create Attributes.
- Click Open.
- Click OK.
- Click Send Changes and Activate.
To configure the VPN clients on their desktop or iOS device, users can access the VPN group policies through either the SSL VPN web portals or CudaLaunch. Clicking on the VPN group policy resource adds the policy to the VPN client installed on the device. For CudaLaunch on mobile devices, the VPN connection is fully managed by the app, including updating the VPN profile if the VPN file attached to the group policy in the SSL VPN is changed. For Windows and macOS devices, the VPN connection for the Barracuda VPN Client can be downloaded directly from CudaLaunch or the web portal, but VPN configuration changes are not synced.