MDS OmniShield subscriptions offer several options for "Remote Access".
For simplicity sake, in this article we will break these down into two general types of remote access :
Multi-Site VPN (Type 1) OR on-demand SSL-VPN access (Type 2)
The following article includes description and details for each type of Remote Access option that you have available to you, while using our MDS Cloud.
Type 1: Multi-site VPN (Pro subscription required)
Short description: Always-on remote access
Multi-site solution for an "Always-on" connection. Individual MDS deployments at multiple customer sites, allow multiple customer office locations to connect to each other all while simultaneously leveraging MDS Clean Internet
At least 1 Pro Subscription for the initial customer site, followed by any Lite, Standard, Standard Plus, or Pro subscriptions for remote locations (secondary sites)
This multi-site deployment solution is intended for customer with multiple physical offices. The multi-site deployment scenario requires a Pro subscription at the primary office to protect the main site using the MDS Clean Internet, followed by any lite, standard, or standard plus MDS subscription at subsequent locations. Subsequent MDS deployments at new sites can connect to the existing Pro subscription by individually connecting to the same MDS Cloud datacenter the original subscription is connected to, and allows for 2 or more offices to connect their networks to each other for inter-office connectivity. Outbound internet access continues to be protected by our MDS Cloud and each subscription (location) is controlled by its individual configuration settings in the portal.
Purchase a Pro subscription for the main office, and a lite subscription for a home office. These would allow for a multi-site deployment scenario. Purchase a Pro subscription for the first location and a Standard for the second location.
Type 2: SSL-VPN (All subscription types)
Short description: On-demand Remote Access for roaming clients
If you are looking for an on-demand connection back to the office while traveling, and have an MDS subscription at the main office, you can simply connect to the office using one of two methods for on-demand remote access methods.
Steps for setting up a Remote Access VPN user:
1. Log in to your MDSManager portal
2. Select the Cloud link that you want to enable Remote Access VPN
3. On Advanced page/tab, turn on the "Remote Access VPN".
4. Enter the Username and Password, and bookmarks then save.
Method A: Remote Access using SSL-VPN Web Portal
The Remote Access SSL-VPN web portal allows for several connection types including RDP, FTP, SMB, Web.
***IMPORTANT PLEASE READ*******
Web Based Portal Bookmarks are going to be deprecated in concert with major browsers. Last remaining support has been removed from Firefox version 52 as of March 7, 2017. Please switch to Method B as discussed below. For a short time period, Firefox will continue to support using Firefox ESR (Extended Support Release) which can be downloaded from Mozilla to allow bookmarks to continue to work for another short while if partners are not ready to switch to Method B just yet.
This feature is available for all current subscription levels of MDS. An active MDS V-Shield subscription is required. The SSL-VPN Web portal must be accessed using Firefox browser and is supported on MAC and Windows operating systems. An up-to-date Java client must be installed. Remote access must be turned on in the Wizard along with a username and password as well as a bookmark defined.
Purpose: Intended to allow machines outside the office to access in-office internal resources that are connected to the MDS network using easy find shortcuts that are defined using the MDS Setup Wizard.
Examples: Create and RDP shortcut that allows access to and always on desktop or server in the office. Connect outside office using a machine with Firefox web browser, and simply click on shortcut to launch and RDP session to an internal server.
1. Copy the mdsremote.com URL from MDSManager under "REMOTE ACCESS" and paste into a new Firefox tab.
2. Connect using the previously setup username and password. When prompted, please Allow "FortiClient SSLVPN tunnel Service Firefox".
3. Select the bookmark to connect and, when prompted again, activate/allow the Java application.
4. Log in to whatever bookmark you have configured and you are all set to go.
Method B: On-demand remote access using SSL-VPN tunnel client
Currently a full tunnel VPN client can be downloaded for Windows and MAC devices, configured, and launched for on-demand connection that establishes a full SSL-VPN tunnel back to the office. (Personal Mobile devices such as iPads, iPhones or Android etc. are able to connect with appropriate apps but these are not supported)
Note: This solution, Type 2, is not intended or supported for a dedicated home office site, but rather only intended as an on-demand and as needed connection. This is not a replacement for a Type 1 scenario as called out above.
This feature is available for Standard subscription levels of MDS and higher. An active MDS OmniShield subscription is required. Remote access must be turned on in the Wizard along with a username and password as well as a bookmark defined.
Intended to allow machines outside the office to access in-office internal resources that are themselves connected to the MDS network.
Launch the SSL-VPN client and establish a connection to the office. Launch remote desktop application and connect to an internal desktop or server using its static IP in the office that is currently protected by MDS. Browse to an internal only web server.
1. If do not have FortiClient already installed on your machine, then download it from http://forticlient.com/
3. Run the setup wizard to install FortiClient.
4. Launch FortiClient, then click on the setting cog icon, and then select "Add a new connection"
5. Fill in the Connection Name, Description, and, on the "Remote Gateway", insert the mdsremote.com URL of the cloud link you are connected to, plus check the box for "Customize port" and edit the port to "20443".
6. Apply the settings then log in using your username and password.
7. If trouble with these steps go here for a more detailed explanation