In some occasions, building up a VPN via L2TP or IPSec client might be unsuitable. In those cases, you still can use SSL to establish a VPN Tunnel. Due to Java running out of support within several modern browsers, we provide the SecuExtender client to establish the VPN tunnel. This tutorial will show you tunnel establishment via SecuExtender client.
This tutorial should help you to build a SSL VPN connection from a Windows client to your USG.
1.On your USG:
1. Log in to the unit by entering its IP address and the credentials for an admin account (by default, username is “admin”, password is “1234”)
2. Navigate to
Configuration > VPN > SSL VPN
click “Add” and enter a desired name, leave the zone as “SSL_VPN” and move the needed users to the “Selected User/Group Objects” on the right side. Click on create new object > User/Group to add user if desired
3. Scroll down to “Network Extension” and tick “Enable Network Extension (Full Tunnel Mode)”. Create new Address-object of the type “RANGE”. Choose that range later as Assign IP Pool
Make sure to define a range that is not conflicting with any existing or known subnet on your USG!
4. Under “Network List”, move the desired network your SSL VPN clients should have access to, to the “Selected Address Objects” and click ”Apply”
2. On your Windows client:
1. Access the WAN interface IP of the USG and login with a SSL VPN user by clicking on “SSL VPN”
If needed you have to install Java to use that service
2. If you have not installed the SecuExtender client software already, click here
3. After starting the SecuExtender client type in the WAN interface IP of your USG and login using a SSL VPN user by clicking “Connect”
If SecuExtender says that the connection is untrusted click on YES
Now you should have established a SSL VPN connection successfully and be greeted by an overview about details of your VPN connection.
For more information on the “Full Tunnel Mode” please visit:
3. Testing the Result
Trying to ping a device which is located in the remote network
See the video for more detail: