Disable the clipboard in SSL VPN web mode RDP connections

In web portal profiles, the clipboard can be disabled for SSL VPN web mode RDP/VNC connections. User will not be able to copy and paste content to or from the internal server.

Example

In this example, two groups of users are using SSL VPN web mode to access internal servers with RDP/VNC. One group is allowed to copy and paste content to and from the internal server using the clipboard, while the other is not.

To configure the SSL VPN portals in the GUI:

Go to VPN > SSL-VPN Portals and click Create New.
Enter a name for the portal, such as testportal1.
Enable Enable Web Mode and enable RDP/VNC clipboard to allow copying and pasting.
Configure the remaining settings as needed.
Click OK.
Click Create New again.
Enter a name for the portal, such as testportal2.
Enable Enable Web Mode and disable RDP/VNC clipboard to prevent copying and pasting.
Configure the remaining settings as needed.
Click OK.

To configure the SSL VPN settings in the GUI:

Go to VPN > SSL-VPN Settings.
Set Listen on Interface to port2.
In the Authentication/Portal Mapping table, add the users to each of the portals:
1. Click Create New.
2. Set Users/Groups to u1 and Portal to testportal1.
3. Click OK, then click Create New again.
4. Set Users/Groups to u2 and Portal to testportal2.
5. Click OK.
Configure the remaining settings as needed.
Click Apply.

To configure a firewall policy for SSL VPN in the GUI:

Go to Policy & Objects > Firewall Policy and click Create New.
Set a name for the policy, such as policy_to_sslvpn_tunnel.
Set Incoming Interface to the SSL VPN tunnel interface and Outgoing Interface to port1.
Set Source to the users, u1 and u2, and all addresses.
Set Destination to all addresses.
Set Schedule to always, Service to All, and Action to Accept.
Configure the remaining settings as needed.
Click OK.

To test the if the users can use the clipboard:

On the PC, open a web browser and log in to the web portal as user u1.
Access the internal server using RDP/VNC.
The clipboard is available and you can copy and paste content to and from the remote server.
Log out of the web portal, then log back in as user u2 and access the internal server using RDP/VNC.

The clipboard is disabled.

To configure the SSL-VPN portals and settings in the CLI:

Configure the SSL VPN portals:

config vpn ssl web portal
    edit "testportal1"
        set web-mode enable
        set clipboard enable
        ...
    next
    edit "testportal2"
        set web-mode enable
        set clipboard disable
        ...
    next
end

Configure the SSL VPN settings:

config vpn ssl settings
    set port 1443
    set source-interface "port2"
    set source-address "all"
    set source-address6 "all"
    set default-portal "tunnel-access"
    config authentication-rule
        edit 1
            set users "u1"
            set portal "testportal1"
        next
        edit 2
            set users "u2"
            set portal "testportal2"
        next
    end
end

Configure a firewall policy for SSL VPN:

config firewall policy
    edit 1
        set name "policy_to_sslvpn_tunnel"
        set srcintf "ssl.vdom1"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set schedule "always"
        set service "ALL"
        set nat enable
        set users "u1" "u2"
    next
end

On the PC, open a web browser, log in to the web portal as user u1, access the internal server using RDP/VNC, and use the clipboard.

Check the SSL VPN session monitor:

# get vpn ssl monitor
SSL-VPN Login Users:
 Index   User    Group   Auth Type      Timeout         Auth-Timeout    From     HTTP in/out    HTTPS in/out    Two-factor Auth
 0       u1             1(1)             N/A     10.1.100.146   0/0     0/364   0

SSL-VPN sessions:
 Index   User    Group   Source IP      Duration        I/O Bytes       Tunnel/Dest IP
 0       u1             10.1.100.146     64      0/700  RDP 172.18.58.109

On the PC, open a web browser, log in to the web portal as user u2, access the internal server using RDP/VNC, and note that the clipboard is not available.

Check the SSL VPN session monitor:

# get vpn ssl monitor
SSL-VPN Login Users:
 Index   User    Group   Auth Type      Timeout         Auth-Timeout    From     HTTP in/out    HTTPS in/out    Two-factor Auth
 0       u2             1(1)             N/A     10.1.100.146   0/0     0/2681  0

SSL-VPN sessions:
 Index   User    Group   Source IP      Duration        I/O Bytes       Tunnel/Dest IP
 0       u2             10.1.100.146     7       0/553  RDP 172.18.58.109

Disable the clipboard in SSL VPN web mode RDP connections

In web portal profiles, the clipboard can be disabled for SSL VPN web mode RDP/VNC connections. User will not be able to copy and paste content to or from the internal server.

Example

To configure the SSL VPN portals in the GUI:

Go to VPN > SSL-VPN Portals and click Create New.
Enter a name for the portal, such as testportal1.
Enable Enable Web Mode and enable RDP/VNC clipboard to allow copying and pasting.
Configure the remaining settings as needed.
Click OK.
Click Create New again.
Enter a name for the portal, such as testportal2.
Enable Enable Web Mode and disable RDP/VNC clipboard to prevent copying and pasting.
Configure the remaining settings as needed.
Click OK.

To configure the SSL VPN settings in the GUI:

Go to VPN > SSL-VPN Settings.
Set Listen on Interface to port2.
In the Authentication/Portal Mapping table, add the users to each of the portals:
1. Click Create New.
2. Set Users/Groups to u1 and Portal to testportal1.
3. Click OK, then click Create New again.
4. Set Users/Groups to u2 and Portal to testportal2.
5. Click OK.
Configure the remaining settings as needed.
Click Apply.

To configure a firewall policy for SSL VPN in the GUI:

Go to Policy & Objects > Firewall Policy and click Create New.
Set a name for the policy, such as policy_to_sslvpn_tunnel.
Set Incoming Interface to the SSL VPN tunnel interface and Outgoing Interface to port1.
Set Source to the users, u1 and u2, and all addresses.
Set Destination to all addresses.
Set Schedule to always, Service to All, and Action to Accept.
Configure the remaining settings as needed.
Click OK.

To test the if the users can use the clipboard:

On the PC, open a web browser and log in to the web portal as user u1.
Access the internal server using RDP/VNC.
The clipboard is available and you can copy and paste content to and from the remote server.
Log out of the web portal, then log back in as user u2 and access the internal server using RDP/VNC.

The clipboard is disabled.

To configure the SSL-VPN portals and settings in the CLI:

Configure the SSL VPN portals:

config vpn ssl web portal
    edit "testportal1"
        set web-mode enable
        set clipboard enable
        ...
    next
    edit "testportal2"
        set web-mode enable
        set clipboard disable
        ...
    next
end

Configure the SSL VPN settings:

config vpn ssl settings
    set port 1443
    set source-interface "port2"
    set source-address "all"
    set source-address6 "all"
    set default-portal "tunnel-access"
    config authentication-rule
        edit 1
            set users "u1"
            set portal "testportal1"
        next
        edit 2
            set users "u2"
            set portal "testportal2"
        next
    end
end

Configure a firewall policy for SSL VPN:

config firewall policy
    edit 1
        set name "policy_to_sslvpn_tunnel"
        set srcintf "ssl.vdom1"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set schedule "always"
        set service "ALL"
        set nat enable
        set users "u1" "u2"
    next
end

On the PC, open a web browser, log in to the web portal as user u1, access the internal server using RDP/VNC, and use the clipboard.

Check the SSL VPN session monitor:

# get vpn ssl monitor
SSL-VPN Login Users:
 Index   User    Group   Auth Type      Timeout         Auth-Timeout    From     HTTP in/out    HTTPS in/out    Two-factor Auth
 0       u1             1(1)             N/A     10.1.100.146   0/0     0/364   0

SSL-VPN sessions:
 Index   User    Group   Source IP      Duration        I/O Bytes       Tunnel/Dest IP
 0       u1             10.1.100.146     64      0/700  RDP 172.18.58.109

On the PC, open a web browser, log in to the web portal as user u2, access the internal server using RDP/VNC, and note that the clipboard is not available.

Check the SSL VPN session monitor:

# get vpn ssl monitor
SSL-VPN Login Users:
 Index   User    Group   Auth Type      Timeout         Auth-Timeout    From     HTTP in/out    HTTPS in/out    Two-factor Auth
 0       u2             1(1)             N/A     10.1.100.146   0/0     0/2681  0

SSL-VPN sessions:
 Index   User    Group   Source IP      Duration        I/O Bytes       Tunnel/Dest IP
 0       u2             10.1.100.146     7       0/553  RDP 172.18.58.109

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Disable the clipboard in SSL VPN web mode RDP connections

Disable the clipboard in SSL VPN web mode RDP connections

Example

To configure the SSL VPN portals in the GUI:

To configure the SSL VPN settings in the GUI:

To configure a firewall policy for SSL VPN in the GUI:

To test the if the users can use the clipboard:

To configure the SSL-VPN portals and settings in the CLI:

Disable the clipboard in SSL VPN web mode RDP connections

Disable the clipboard in SSL VPN web mode RDP connections

Example

To configure the SSL VPN portals in the GUI:

To configure the SSL VPN settings in the GUI: