Frequently Asked Questions (FAQ)
- How do I request access to the SSL-VPN system?
- Do I have to request access from every computer I connect from?
- How is a connection established to the County network?
- What's the difference between split tunnel, (econnect/sslvpn-employee) and non-split tunnel, (econnect2/sslvpn-employee2) connections.
- Why isn't there a split tunnel option for Vendor, Outside Entity, Expanded Employee access, (vconnect.miamidade.gov)?
- When requesting access, what's the difference between "County Employee" and "County Employee Expanded Access"?
- After connecting, what can I do?
- I'm a County employee. Why are you asking for my employee ID and part of my social security number when I submit a request for SSL-VPN access?
- Is any special software installation required?
- What operating systems are supported?
- What browsers are supported?
- Can I use SSL-VPN over my mobile device, (Windows mobile phone, Blackberry, etc)?
- Is administrative access required?
- What is the endpoint analysis that is performed before I can log on?
- A vendor's access has expired or will expire soon, how can I get it extended?
- What anti-virus vendors are supported?
- What's with the TCP connection denied popup I'm getting?
How do I request access to the SSL-VPN system?
See the short video demo on how request access: click here: video tutorials.
Note that you cannot request access from a system external to the County's internal network, (Metronet). You have to do this from within Metronet.
Do I have to request access from every computer I connect from?
No, you only need to request access once.Back to Top
How is a connection established to the County network?
Remote connection services are provided through an SSL-VPN tunnel. A user will open his browser to connect.miamidade.gov and click on URL for the connection he is configured to use. For a video demo on how to connect click, click here: video tutorials.Back to Top
What's the difference between split tunnel, (econnect/sslvpn-employee) and non-split tunnel, (econnect2/sslvpn-employee2) connections.
With a split tunnel connection, (econnect.miamidade.gov, sslvpn-employee.miamidade.gov) only County IP Metronet and DMZ IP addresses are sent down the tunnel, (10.x.x.x and many 65.87.x.x IP's), thus allowing the connected user direct Internet access as well as connectivity to local network resources.
With a non-split tunnel connection, (econnect2.miamidade.gov, sslvpn-employee2.miamidade.gov) all traffic will be sent down the tunnel and the user will not have direct Internet access or connectivity to local network resources.
Some systems and applications have connection problems when connected over a split tunnel and the non-split option was brought up in response.Back to Top
Why isn't there a split tunnel option for Vendor, Outside Entity, Expanded Employee access, (vconnect.miamidade.gov)?
In order to securely offer a split tunnel option to employees, the default access is very limited, (RDP, HTTP, and HTTPS only). The very nature of most non-employee access requires broader access to specific systems and split tunneling cannot be securely provided.Back to Top
When requesting access, what's the difference between "County Employee" and "County Employee Expanded Access"?
County Employee: requesting default access, (unrestricted when connecting from a County domain client computer, with non-County computers only RDP, HTTP, HTTPS remote traffic is allowed). Such accounts will have access to local network resources through split tunneling. Individuals can only request access for themselves, not other employees.
County Employee Expanded Access: Used in the rare cases that additional access is required. Requests will need to supply specific systems which they will be accessing and will need approved by the security office. Accounts with expanded access, will be restricted from using local network resources when connected to Metronet as split tunneling is turned off for expanded access accounts.Back to Top
After connecting, what can I do?
County employees and full time contractors will access their County workstation via remote desktop, (RDP). Also, browser access to systems via http and https is configured. County computer clients have full Metronet access. If additional access above RDP, http and https is required when using non-County client computers, the user needs to request such access using the SSL-VPN request system and security office approval will be needed.
Outside entities, (ie. vendors, consultants and other governmental organization) will have restricted access to specific systems as authorized by the security office.Back to Top
I'm a County employee. Why are you asking for my employee ID and part of my social security number when I submit a request for SSL-VPN access?
To make the request system quick and easy, a system was developed that calls a web service that locates the employee record using employee ID in a payroll/HR database, and validates the last four of the SSN that the user entered. This is to confirm the identity of the person requesting access, and once confirmed the user is automatically granted access. Only the last for digits of the SSN is requested and the response is not stored in the database. The system has been specified, reviewed and approved by the Enterprise Network Access Group, HR/Payroll Group and the Security Office.Back to Top
Is any special software installation required?
After establishing the initial connection, the user will be prompted to install an Active X control. No other software installation is required.Back to Top
What operating systems are supported?
Windows 7, Windows 8 & Windows 10 and MAC OS (With Trend Anti-virus only)
Legacy System Only: Windows XP 32 bit & Vista
What browsers are supported?
Internet Explorer version 7 thru 9, IE 11 - Windows 8 only; the system installs ActiveX plug-ins.Back to Top
Can I use SSL-VPN over my mobile device, (Windows mobile phone, Blackberry, etc)?
Only computers that host a supported operating system and browser can be used.Back to Top
Is administrative access required?
Yes, the user must have administrative access on the client computer in order to install required plug-ins.Back to Top
What is the endpoint analysis that is performed before I can log on?
Before presenting a logon screen, the system performs a scan of the user's computer to insure that supported anti-virus software is installed and running.Back to Top
A vendor's access has expired or will expire soon, how can I get it extended?
Have the County employee responsible for the vendor's access submit an update service request as described in the demo at Video Tutorials:
"How to request SSL-VPN access, Vendor, Outside Entity, County Employee expanded access".
Put in the comments that this is an extension of existing vendor access. Do not attach a completed spreadsheet unless the access changes.Back to Top
What anti-virus vendors are supported?
It is required that a supported anti-virus package be installed on machines connecting with SSL-VPN. Support vendor packages are:
- Kaspersky LANDESK Ver 10
- Microsoft Security Essentials
- Microsoft Defender
What's with the TCP connection denied popup I'm getting?
The client computer is trying to access a network system which is being blocked by the SSL-VPN plug-in. See the section "Q: After connecting, what can I do?" to see what access is allowed. Most user computers have software or settings that connect to network resources, (ie. printer drivers, file shares, monitoring services, update services, etc). More than likely this notification is not an issue as the client systems are typically not needed to perform day to day work while remotely connected. However, if additional or extended access to a system is required, it will need security office approval; submit a service request accordingly.Back to Top Page Last Edited: Fri Jul 22, 2016 10:01:16 AM
You are now leaving the official website of Miami-Dade County government. Please be aware that when you exit this site, you are no longer protected by our privacy or security policies. Miami-Dade County is not responsible for the content provided on linked sites. The provision of links to these external sites does not constitute an endorsement.
Please click 'OK' to be sent to the new site, or Click 'Cancel' to go back.