In some occasions, building up a VPN via L2TP or IPSec client might be unsuitable. In those cases, you still can use SSL to establish a VPN Tunnel. Due to Java running out of support within several modern browsers, we provide the SecuExtender client to establish the VPN tunnel. This tutorial will show you tunnel establishment via SecuExtender client.
This tutorial should help you to build a SSL VPN connection from a Windows client to your USG.
On your USG:
1. Log in to the unit by entering its IP address and the credentials for an admin account (by default, username is “admin”, password is “1234”)
2. Navigate to Configuration > VPN > SSL VPN, click “Add” and enter a desired name, leave the zone as “SSL_VPN” and move the needed users to the “Selected User/Group Objects” on the right side
3. Scroll down to “Network Extension” and tick “Enable Network Extension (Full Tunnel Mode)”
4. Use “Create new Object” to create a new “Address“-object of the type “RANGE”. Make sure to define a range that is not conflicting with any existing or known subnet on your USG!
5. Use that previously created object under “Assign IP Pool”
6. Under “Network List”, move the desired network your SSL VPN clients should have access to, to the “Selected Address Objects” and click ”Apply”
On your Windows client:
1. Access the WAN interface IP of the USG and login with a SSL VPN user by clicking on “SSL VPN”
2. If you have not installed the SecuExtender client software already, click on the tab “SecuExtender” and follow the download link
3. After starting the SecuExtender client type in the WAN interface IP of your USG and login using a SSL VPN user by clicking “Connect”
Now you should have established a SSL VPN connection successfully and be greeted by an overview about details of your VPN connection.
For more information on the “Full Tunnel Mode” please visit:
The SecuExtender software can also be found here: