Creating a virtual host allows users to log in using a different hostname than your default URL. For example, sales members can access
https://sales.company.com instead of the default domain,
https://vpn.company.com that you use for administration. The Portal URL (for example,
https://vpn.company.com/portal/sales) still exists even if you define a virtual host name. Virtual host names enable administrators to give separate and distinct login URLs to different groups of users.
Navigate to Portals > Portals.
- Click Add Portal or Configure next to the portal you want to configure.
Go to the Virtual Host section.
Enter a host name in the Virtual Host Domain Name field, for example,
sales.company.com. This field is optional.
Only alphanumeric characters, hyphen (-) and underscore (_) are accepted in the Virtual Host Domain Name field.
Select a specific Virtual Host Interface for this portal if using IP based virtual hosting.
If your virtual host implementation uses name based virtual hosts — where more than one hostname resides behind a single IP address — choose All Interfaces from the Virtual Host interface.
- If you selected a specific Virtual Host Interface for this portal, enter the desired Virtual Host IP Address in the field provided. This is the IP address users use to access the Virtual Office portal.
If you selected a specific Virtual Host Interface for this portal, you could specify an IPv6 address in the Virtual Host IPv6 Address field. You can use this address to access the virtual host. Enter the IPv6 address using decimal or hexadecimal numbers in the form:
If you plan to use a unique security certificate for this sub-domain, select the corresponding port interface address from the Virtual Host Certificate list.
Unless you have a certificate for each virtual host domain name, or if you have purchased a *.domain SSL certificate, your users might see a Certificate host name mismatch warning when they log in to the Secure Mobile Access Virtual Office portal. The certificate hostname mismatch affects the login page, NetExtender; Other Secure Mobile Access client applications are not affected by a hostname mismatch.
To achieve a single point of access for users, configure External Website Bookmarks for application offloading portals by selecting Enable Virtual Host Domain SSO to enable cross domain Single Sign-On (SSO). Cross Domain SSO shares the credentials for all portals in the same shared domain. Enabling Virtual Host Domain SSO automatically sets the Shared Domain Name one level up from the Virtual Host Domain name and displays it in the Shared Domain Name field. For example, the Shared Domain Name is
example.com if the Virtual Host Domain is webmail.example.com.
- Under the Advanced SSL/TLS settings section, the Enforce Forward Secrecy field allows you to: Use Global Setting, Enable, or Disable the feature. Enable this option to allow current information to be kept in secrecy, even if the private key is compromised in the future. Note that browsers that do not support Forward Secrecy might not be able to connect to the SMA appliance. The performance of this feature can decline depending on the ciphers that the client browser supports.
- Verify Backend SSL Server Certificate for Proxy connections — When this option is enabled, the connection is dropped if the backend SSL/TLS server certificate is not trusted. The verification depth is 10. Alert level log messages are also generated when this option is enabled.
- Enable Force SSL/TLS version for Proxy connections to enable communication between the Virtual Host and the Backend Server.