
EnGenius Technologies

EnGenius SecuPoint SSLVPN Client Tool

Introduction

The EnGenius SecuPoint VPN client tool simplifies the configuration of complex VPN setups, enabling remote workers to establish secure SSL VPN connections quickly and easily. Users can input the server's hostname or IP address, along with their credentials (username and password), and the tool will automatically fetch the VPN server's security configurations to establish a secure SSL VPN connection.

Key Features:

  1. Seamless Access:
    • Allows remote employees secure SSL VPN access to corporate resources, supporting various devices across different platforms.
  2. Automatic Setup:
    • Features automatic push provisioning for hassle-free configuration, ensuring quick and easy VPN access setup.
  3. Agile Authentication:
    • Utilizes certificate-based authentication (username and password) to enhance security and streamline user access.

Comparison with IPSec VPN

EnGenius SecuPoint SSLVPN offers distinct advantages over IPSec VPNs, particularly in environments requiring high usability and low maintenance:
Simplicity in Configuration: Designed for easy setup and management, bypassing the complex configurations typically associated with IPSec VPNs.
High Compatibility and Interoperability: Unlike IPSec, which may face compatibility issues (for example with IKEv2) due to varied vendor implementations, SSLVPN ensures consistent and reliable performance across all supported devices and platforms.
Efficient NAT and Firewall Traversal: Operates smoothly with NAT and firewall settings using standard HTTPS protocols, avoiding the complications seen with IPSec encrypted packet headers.
Optimized Resource Usage: Less demanding on system resources, ensuring faster and more reliable connections even on devices with limited processing capabilities.
Superior Mobility Support: Ideal for highly mobile users, providing stable connections that seamlessly adapt to changing network environments.
Reduced Setup and Maintenance Costs: Streamlined approach reduces both initial setup complexities and ongoing maintenance burdens.
Conclusion: For organizations prioritizing ease of use, flexibility, and cost-efficiency, the EnGenius SecuPoint SSLVPN Client VPN stands out as the preferred solution. Its user-friendly design, combined with robust security features, makes it ideally suited for modern enterprises with a remote workforce. Consider the EnGenius SecuPoint SSLVPN for a reliable and efficient VPN experience that aligns with your strategic IT needs.
Download SecuPoint Client Tool
To download the SecuPoint VPN client Tool, visit EngeniusTech's official website. Alternatively, you can find the download links on the CONFIGURE > Client VPN > SecuPoint page within the ESG for easy access.
The SecuPoint SSLVPN client tool is available for Windows, macOS, iOS, and Android.
Configuration of SecuPoint SSLVPN Client Tool
User Connection Profile:
Upon installation of the client software, launch the SecuPoint SSLVPN client application.
Users can create one or multiple profiles, specifying the hostname or IP address of the ESG (SecuPoint server) to which they wish to connect.
Figure 1. Add SecuPoint Connection Profile
Auto-push SecuPoint SSL VPN Configuration Profile:
SecuPoint server will automatically push the SecuPoint SSL VPN configuration profile to the user's device once their credentials (username and password) are verified.
This automation eliminates the need for manual configuration, saving significant time for IT personnel on daily network maintenance.
Figure 2. Auto push SecuPoint SSL VPN Configuration Profile
Advanced Settings of SecuPoint VPN Client Tool:
Users can access advanced settings to customize their experience, including preferred language, application launch timing, and program window behavior post-connection establishment.
Additionally, a connection timeout setting is provided to mitigate connection failures due to network instability or authentication delays.
Figure 3. Advanced Settings
Connection Timeout:
Specifies the duration the SecuPoint Client Tool attempts to connect to a VPN server (ESG) before giving up.
Adjusting this timeout may help resolve authentication delays caused by server load or slow network responses. The default timeout is set to 15 seconds.
Automatically Launch the SecuPoint VPN Application:
Enables automatic launch of the SecuPoint VPN application by the operating system (OS) upon user login, such as in Windows or macOS environments.
Automatically Minimize Program Window upon VPN Connection:
Upon successful establishment of the SecuPoint VPN connection, the program window of the SecuPoint Client Tool will automatically minimize.
Monitoring SecuPoint VPN Connection Status:
After establishing an SSL VPN connection, users can click on the VPN status to verify the current connection status and routing entries for the VPN's remote subnet.
Figure 4. SecuPoint Client Connection status
Troubleshooting SecuPoint Client VPN Tunnel Connectivity:
SecuPoint VPN Client Tool Logs Page:
Allows users to review log files to diagnose connectivity issues between SecuPoint VPN clients and the SecuPoint Server.
Users can export logs for analysis and troubleshooting. A clear function is also provided, so the log can be emptied before reproducing the issue and the resulting entries are easier to read.
Figure 5. SecuPoint Connection Log
Configuring ESG SecuPoint SSL VPN Client Server on EnGenius Cloud
1. Enabling SecuPoint Client VPN:
Navigate to Configure > Gateway > Client VPN > SecuPoint page.
Switch the "Enable" toggle on to activate the SecuPoint Client VPN.
Figure 6. SecuPoint Client VPN
2. Configurable Client VPN Options:
Hostname:
Specifies the EnGenius Gateway hostname for client VPN connections.
If DDNS service is enabled in the WAN settings, the registered DDNS FQDN hostname is displayed, resolving to the Primary WAN public IP address. Otherwise, the Primary WAN public IP address is shown.
EnGenius provides an in-house DDNS service by default, so VPN clients can use the DDNS hostname to reach the gateway.
Protocol Type/Server Port:
Defines the transport protocol (TCP or UDP) and corresponding port number (default settings: TCP on port 443 or UDP on port 1194) for SecuPoint SSLVPN communication.
VPN Client Subnet:
Specifies the private subnet exclusively for client VPN connections, with the EnGenius Gateway serving as the default gateway.
DNS Server:
Determines the DNS server used by VPN clients for hostname resolution, offering the choice between Google Public DNS or custom DNS servers specified by IP address.
Client Routing:
Defines routing rules for SecuPoint client devices, allowing selection between full tunneling (all traffic routed through the VPN: "Send all client traffic through VPN") or split tunneling (only specified traffic routed through the VPN: "Only send traffic to ESG LAN through VPN").
Authentication Type:
Provides options for authenticating Client VPN users using either the local ESG VPN User database or external RADIUS servers.
3. SecuPoint VPN Client Tool:
Provides access to download the SecuPoint VPN client Tool for users' devices.
4. Split Tunneling & Full Tunneling for SecuPoint Client VPN:
Full Tunneling:
Routes all client internet traffic through the VPN tunnel to the VPN server, ensuring security and encryption for all data transmitted.
Advantages:
Enhanced security and privacy.
Uniform application of network policies.
Disadvantages:
Increased bandwidth usage on the VPN gateway.
Potential slowdown in internet speeds.
Figure 7. Full Tunneling
Split Tunneling:
Allows users to choose which traffic passes through the VPN tunnel and which connects directly to the internet.
Advantages:
Reduced bandwidth load on the VPN gateway.
Faster access to the internet for non-sensitive activities.
Disadvantages:
Potential security risks if not properly configured.
Requires careful configuration for secure data routing.
Figure 8. Split Tunneling
Usage Scenarios:
Full Tunneling:
Preferred in environments prioritizing security and data privacy, such as governmental or financial institutions.
Split Tunneling:
Suitable for optimizing bandwidth and performance in scenarios where VPN security is not required for all activities, or simultaneous access to local network resources and the internet is necessary.
Both methods should align with organizational needs and security policies.
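The difference between the two Client Routing modes shows up in the client's routing table. The Python sketch below is an added example, not EnGenius code: it runs longest-prefix matching over two constructed tables to tell full from split tunneling and to list the prefixes that still leave outside the tunnel. Interface names, subnets and the gateway address are assumptions, and the two /1 routes used for full tunneling are a common VPN client technique assumed here, not documented SecuPoint behavior.

```python
import ipaddress

# Constructed routing tables as (destination prefix, interface) pairs. Interface
# names, the 10.8.0.0/24 VPN client subnet, the 192.168.1.0/24 ESG LAN, the
# 172.16.5.0/24 home LAN and the 203.0.113.10 gateway address are assumptions.
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # original default route, shadowed below
    ("0.0.0.0/1", "vpn0"),        # two /1 routes together cover all of IPv4
    ("128.0.0.0/1", "vpn0"),
    ("203.0.113.10/32", "eth0"),  # host route that carries the tunnel itself
    ("172.16.5.0/24", "eth0"),    # client's local LAN
    ("10.8.0.0/24", "vpn0"),
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),
    ("172.16.5.0/24", "eth0"),
    ("10.8.0.0/24", "vpn0"),
    ("192.168.1.0/24", "vpn0"),   # only the ESG LAN goes through the tunnel
]

def _parse(routes):
    return [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]

def egress_interface(routes, destination):
    """Longest-prefix match: the interface a packet to `destination` leaves on."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, ifname) for net, ifname in _parse(routes) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def tunnel_mode(routes, vpn_if="vpn0"):
    """'full' when the VPN routes jointly cover 0.0.0.0/0, otherwise 'split'."""
    vpn_nets = [net for net, ifname in _parse(routes) if ifname == vpn_if]
    merged = list(ipaddress.collapse_addresses(vpn_nets))
    return "full" if ipaddress.ip_network("0.0.0.0/0") in merged else "split"

def direct_prefixes(routes, vpn_if="vpn0", vpn_server="203.0.113.10"):
    """Non-VPN prefixes that still carry traffic outside the tunnel."""
    parsed = _parse(routes)
    vpn_nets = [net for net, ifname in parsed if ifname == vpn_if]
    server = ipaddress.ip_network(vpn_server + "/32")
    direct = []
    for net, ifname in parsed:
        if ifname == vpn_if or net == server:
            continue
        # The route is dead only if more specific VPN routes cover all of it.
        inside = [v for v in vpn_nets if v.subnet_of(net)]
        if net not in list(ipaddress.collapse_addresses(inside)):
            direct.append(str(net))
    return direct

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table), egress_interface(table, "8.8.8.8"),
              direct_prefixes(table))
```

In the constructed full-tunnel table the client's own LAN prefix is still reported as direct, which is the kind of exception to compare against the organization's policy.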
SecuPoint VPN Connection and Licensing
Number of SecuPoint VPN Connections:
Each SecuPoint VPN connection consumes one VPN user. Each gateway (ESG / XG-60) provides 2 free VPN users by default. Users can increase this number by associating SecuPoint client VPN licenses with a gateway.
Licensing Features & Capabilities:
SKU
SPC-1YR-LIC: 1 Year License per user.
SPC-3YR-LIC: 3 Year License per user.
For example, "SPC-1YR-LIC for 10 VPN users" is a license that expands the gateway by 10 VPN users for one year.
Per User-Based License
On-device license
7-day grace period
90-day activation window.
As shown in Figure 9, ESG 1 supports 2 free VPN users. By adding an SPC License (e.g., SPC-1YR-LIC for 10 users), up to 12 VPN users can simultaneously establish connections.
Figure 9. How to expand the number of VPN users
Example:
ESG 1 can support 2 free SecuPoint VPN users for establishing connections, one for Felicia and the other for Eason. If more VPN users, such as Jayden, need to simultaneously establish SecuPoint VPN connections to ESG 1, the admin can bind an SPC License (e.g., SPC-1YR-LIC for 10 users) to ESG 1. With this license, up to 12 (10+2 free) VPN users can simultaneously establish successful VPN connections.
Figure 9. Bind SPC License to increase the number of SecuPoint VPN connections
VPN User Connections on Multiple Devices
A VPN user account can simultaneously connect on multiple devices. When the same VPN user establishes SecuPoint VPN connections with an ESG using different devices, such as a laptop and a tablet, each connection will occupy one VPN user seat.
Example:
If you have an ESG-1 without any additional SecuPoint Client VPN License, only 2 free VPN users can simultaneously establish successful VPN connections, as demonstrated in the following scenarios:
First, User Jayden can establish VPN connections with ESG-1 via Laptop 1 and Laptop 4.
It's important to note that when a VPN user establishes multiple VPN connections using different devices, each connection is treated as a separate VPN user connection. This will consume 2 VPN user seats.
Then, User Felicia cannot establish a VPN connection with ESG-1 via Laptop 2 because the maximum allowable number of SecuPoint VPN users on ESG-1 is 2, and those VPN seats are already in use by User Jayden through Laptop 1 and Laptop 4. Similarly, User Jake is unable to establish a VPN connection with ESG-1 via Laptop 3 for the same reason, as the available VPN user seats are already occupied by User Jayden through Laptop 1 and Laptop 4.
Monitoring VPN Users
How to Calculate Available VPN Users on ESG
The maximum total number of SecuPoint VPN user connections supported on a gateway at any given moment is determined by the combined count of VPN users from all bound SecuPoint Client VPN licenses, in addition to the 2 free VPN users included with the device.
Maximum Total Number of Supported SecuPoint VPN Users = Sum of VPN users from each active SecuPoint Client VPN license bound to the device + 2 free VPN users.
Example:
Consider an ESG appliance bound to two SPC VPN client licenses: SPC-1YR-LIC for 20 users and SPC-3YR-LIC for 10 users. These licenses have different activation and expiration dates.
| License | VPN users | Activation Date | Expiration Date |
|---|---|---|---|
| SPC-1YR-LIC | 20 | 01/01/2024 | 12/31/2024 |
| SPC-3YR-LIC | 10 | 06/01/2024 | 05/31/2027 |
During the period from 6/1/2024 to 12/31/2024, the ESG holds both VPN client licenses simultaneously. The maximum total number of supported VPN users for ESG1 is 32, calculated as follows: 20 (SPC-1YR-LIC) + 10 (SPC-3YR-LIC) + 2 (free VPN users) = 32
During the period from 1/1/2024 to 5/31/2024, the ESG only holds the SPC-1YR-LIC for 20 users. The maximum total number of supported VPN users for ESG1 is 22, calculated as follows: 20 (SPC-1YR-LIC) + 2 (free VPN users) = 22
During the period from 1/1/2025 to 5/31/2027, the ESG only holds the SPC-3YR-LIC for 10 users. The maximum total number of supported VPN users for ESG1 is 12, calculated as follows: 10 (SPC-3YR-LIC) + 2 (free VPN users) = 12
Monitoring Status
To monitor the current number of VPN user connections for each gateway, navigate to MANAGE > Gateway. Here, you can view the SecuPoint Users field for each gateway.
For more detailed information, follow these steps:
Go to MANAGE > Gateway and select a gateway.
Click the Detail button.
If the SecuPoint VPN server is enabled, the value of the SecuPoint VPN client will be displayed as follows:
The number on the left represents the current number of VPN user connections (e.g., 2).
The number on the right represents the maximum number of VPN users allowed on the gateway (e.g., 102). This total includes the sum of VPN users from each bound SecuPoint VPN License plus 2 free users.
If the SecuPoint VPN server is disabled, the SecuPoint VPN client value will be displayed as disabled.
To check the expiration date of each bound SecuPoint VPN Client License, navigate to Inventory & License > Licenses > Client VPN.
Share VPN Users
In larger enterprises, when the VPN connection scale exceeds 100, it can be challenging for MIS to allocate specific users to designated devices effectively. To address this, a mechanism allows sharing VPN users across up to 3 devices within the same organization when the VPN user count associated with the SecuPoint VPN Client License exceeds 100.
For example, if a SecuPoint VPN license with 100 VPN users enables the sharing feature and is bound to three devices (ESG-1, ESG-2, and ESG-4), these three devices can simultaneously share 100 VPN users.
Activation - How to Share VPN Users
Add a SecuPoint VPN client license with more than 100 VPN users (Primary) and associate it with a gateway.
Activate the "Sharing VPN users" feature by clicking the "Share" button on the license.
Upon clicking the "Share" button:
A replica license will be created and associated with your selected gateway.
A primary license can generate up to 2 replica licenses, allowing the association of an additional 2 gateways.
The VPN users from the primary license are shared across up to 3 gateways.
The values of all fields in the Replica License, such as activation date, expiration date, and number of users, are identical to those of the Primary License. The only difference lies in the license key, which appends "-1" or "-2" to the end of the Primary license key.
Undo Behavior
Undo Behavior of the Primary License:
The primary license has an Undo Action with a Grace Period.
Undo Behavior of the Replica License:
This undo action does not have a grace period. The Undo Action will continuously appear, and when Undo is pressed, the device will be unbound from the Replica license, and the Replica license will automatically disappear.
SecuPoint Client VPN License
How to Associate a SecuPoint VPN License with a Gateway
The purpose of binding a SecuPoint Client VPN License to a device is to expand the number of VPN users available on that gateway. When users select multiple licenses and click the "Add License" button, these licenses will be simultaneously bound to the specified gateway. The total number of VPN users on that gateway is calculated as the sum of VPN users from all bound and active licenses.
Example:
Select two SecuPoint Client VPN Licenses and bind them to a specific gateway to expand the number of available VPN users.
Managing and Monitoring SecuPoint VPN Licenses
Users can add SecuPoint Licenses or bind licenses to Gateway (ESG) via the "Inventory & Licenses > License > VPN Clients" page. This page provides details on the activation date, expiration date, duration, number of VPN users, and other relevant information for each license, allowing users to monitor the current status of their licenses.
De-registering a Gateway Bound to an Active SecuPoint Client VPN License from the Organization
When a user deregisters a gateway bound to an active SecuPoint Client VPN license from an organization, the device will disappear from the organization. However, since the SecuPoint VPN license is an on-device license, the device will continue to remain bound to the license. As long as the license has not expired, the device will still be able to expand the VPN user count.
Here is the De-Register Device Warning Popup window.
Removing a Gateway Associated with a SecuPoint VPN License from a Network
When a user unbinds a gateway device from the network, the gateway will continue to remain bound to the SecuPoint VPN license, as it is an on-device license. As long as the license has not expired, the device will still be able to expand the VPN user count.