WatchGuard®Firebox®SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway
x WatchGuard SSL VPN GatewayLaunching the v 5.5 Administration Tool ...
Configuring Properties for a User Group90 Firebox SSL VPN GatewayConfiguring Properties for a User GroupGroup properties include configuring access, n
Administration Guide 91Configuring Properties for a User Group NoteIf you want to close a connection and prevent a user or group from reconnecting au
Configuring Properties for a User Group92 Firebox SSL VPN Gatewaysupported and do not run. If the domain controller cannot be contacted, the Firebox
Administration Guide 93Configuring Properties for a User GroupConfiguring Web Session Time-Outs When a user is logged on to the Firebox SSL VPN Gatewa
Configuring Properties for a User Group94 Firebox SSL VPN Gateway2 On the General tab, under Application Options, select Deny applications without pol
Administration Guide 95Configuring Properties for a User GroupChoosing a portal page for a groupBy default, all users log on to the Firebox SSL VPN Ga
Configuring Resources for a User Group96 Firebox SSL VPN Gateway NoteClient certificate configuration is not available for the default user group.To
Administration Guide 97Configuring Resources for a User Groupa network resource specifying the networks to which users can connect. If you have a rest
Configuring Resources for a User Group98 Firebox SSL VPN Gateway• Kiosk resources that define how the user can log on and which file shares and applic
Administration Guide 99Configuring Resources for a User GroupTo configure resource access control for a group1 Click the Access Policy Manager tab.2 I
Administration Guide 1CHAPTER 1 Getting Started with Firebox SSL VPN GatewayThis chapter describes who should read the Firebox SSL VPN Gateway Adminis
Configuring Resources for a User Group100 Firebox SSL VPN Gateway• You can further restrict access by specifying a port and protocol for an IP address
Administration Guide 101Configuring Resources for a User Group• Deny rules take precedence over allow rules. This enables you to allow access to a ran
Configuring Resources for a User Group102 Firebox SSL VPN GatewayTo add an application policy to a group1 On the Access Policy Manager tab, in the rig
Administration Guide 103Configuring Resources for a User GroupTo create a file share resource1 Click the Access Policy Manager tab.2 In the right pane
Configuring Resources for a User Group104 Firebox SSL VPN Gateway3 To add a file share, under File Share Resources, drag the resource to Shares under
Administration Guide 105Configuring Resources for a User Group8 If you selected Process Rule, do the following: -Click Process Rule. -In Process Name,
Setting the Priority of Groups106 Firebox SSL VPN Gateway2 In the right pane, right-click End Point Policies and then click New End Point Policy. 3 Ty
Administration Guide 107Setting the Priority of GroupsThe following two settings are unioned together. For these settings, they are combined among all
Setting the Priority of Groups108 Firebox SSL VPN Gateway
Administration Guide 109CHAPTER 7 Creating and Installing Secure CertificatesThe Firebox SSL VPN Gateway uses certificates for authentication. In the
Document Conventions2 Firebox SSL VPN GatewayDocument ConventionsFirebox SSL VPN Gateway documentation uses the following typographic conventions for
Digital Certificates and Firebox SSL VPN Gateway Operation110 Firebox SSL VPN Gateway• Install a PEM certificate and private key from a Windows comput
Administration Guide 111Overview of the Certificate Signing Requestprivate key from tampering and it is also required when restoring a saved configura
Overview of the Certificate Signing Request112 Firebox SSL VPN Gateway NoteWhen you save the Firebox SSL VPN Gateway configuration, any certificates
Administration Guide 113Overview of the Certificate Signing RequestThe root certificate that is installed on the Firebox SSL VPN Gateway has to be in
Client Certificates114 Firebox SSL VPN Gateway NoteNote: HyperTerminal is not installed automatically on Windows 2000 Server or Windows Server 2003.
Administration Guide 115Client Certificates Installing Root Certificates Support for most trusted root authorities is already built into the Windows o
Requiring Certificates from Internal Connections116 Firebox SSL VPN Gateway3Click Submit. Requiring Certificates from Internal ConnectionsTo increase
Administration Guide 117CHAPTER 8 Working with Client ConnectionsClients can access resources on the corporate network by connecting through the Fireb
Using the Access Portal118 Firebox SSL VPN GatewayIf clients are using Mozilla Firefox to connect, pages that require ActiveX, such as the pre-authent
Administration Guide 119Connecting from a Private Computerthe computer is started, users do not have to do anything to create the connection, provided
Administration Guide 3LiveSecurity Service Broadcastslearn more about your WatchGuard Firebox® and network security, or find a WatchGuard Certified Tr
Connecting from a Private Computer120 Firebox SSL VPN Gateway• The Firebox SSL VPN Gateway terminates the SSL tunnel, accepts any incoming traffic des
Administration Guide 121Connecting from a Private Computerthat remote users can access through the VPN connection. For more information, see “Configur
Connecting from a Private Computer122 Firebox SSL VPN Gatewaysends its known local IP address to the server by means of a custom client-server protoco
Administration Guide 123Connecting from a Private Computer An email template is provided that includes the information discussed in this section. The
Connecting from a Private Computer124 Firebox SSL VPN GatewayThe Secure Access Client dialog box with the pop-up menu showing Advanced Options4 Under
Administration Guide 125Connecting from a Private ComputerTo view the Connection LogThe Connection Log contains real-time connection information that
Connecting from a Public Computer126 Firebox SSL VPN GatewayConfiguring Secure Access Client to Work with Non-Administrative UsersIf a user is not log
Administration Guide 127Connecting from a Public Computer• Firefox Web browser. You configure by group whether or not to include the Firefox browser a
Connecting from a Public Computer128 Firebox SSL VPN GatewayTo create and configure a kiosk resource 1 Click the Access Policy Manager tab. 2 In the r
Administration Guide 129Client Applications2 Select a file share from File Share Resources and drag it to Shares under File shares in the kiosk resour
LiveSecurity Service Self Help Tools4 Firebox SSL VPN GatewayNew from WatchGuardWhen WatchGuard releases a new product, we first tell you — our custom
Client Applications130 Firebox SSL VPN GatewayFirefox Web Browser The Firefox Web browser allows users to connect to the Internet when they are logged
Administration Guide 131Client ApplicationsTo use the SSH client1 From the portal page, choose A public computer and log on.2 In the Web browser, clic
Supporting Secure Access Client132 Firebox SSL VPN GatewayTo use Gaim1 From the portal page, choose A public computer and log on.2 In the Web browser,
Administration Guide 133Managing Client ConnectionsAn email template is provided that includes the information discussed in this section. The template
Managing Client Connections134 Firebox SSL VPN GatewayClosing a connection to a resourceWithout disrupting a user’s VPN connection, you can temporaril
Administration Guide 135Managing Client Connections2 In the left pane, right-click a group and click Properties. 3 On the General tab, under Session o
Managing Client Connections136 Firebox SSL VPN Gateway
Administration Guide 137APPENDIX A Firebox SSL VPN Gateway Monitoring and TroubleshootingThe following topics describe how to use Firebox SSL VPN Gate
Viewing and Downloading System Message Logs138 Firebox SSL VPN Gateway3Click Logging/Settings.4Under Gateway Log, click Display Logging Window.The log
Administration Guide 139Enabling and Viewing SNMP LogsTo view or download the log, go to the Logging > Configuration tab and click Download W3C Log
Administration Guide 5WatchGuard Users ForumAdvanced FAQsThe Advanced FAQs (frequently asked questions) give you important information about configura
Viewing System Statistics140 Firebox SSL VPN GatewayTo obtain SNMP data for the Firebox SSL VPN Gateway through Multi Router Traffic Grapher (in UNIX)
Administration Guide 141Recovering from a Failure of the Firebox SSL VPN Gatewaybottom right corner, you can view process and network activity levels;
Recovering from a Failure of the Firebox SSL VPN Gateway142 Firebox SSL VPN Gateway• apply the v 5.5 software updateReinstalling v 4.9 application sof
Administration Guide 143TroubleshootingTo upgrade to v 5.5.1 In the v5.0 Administration Tool, click the Firebox® SSL VPN Gateway Cluster tab.2On the A
Troubleshooting144 Firebox SSL VPN GatewayBy default, the Firebox SSL VPN Gateway passes only the user name and password to the Web Interface. To corr
Administration Guide 145TroubleshootingDefining Accessible NetworksIn the Accessible Networks field on the Global Cluster Policies tab, up to 24 subne
Troubleshooting146 Firebox SSL VPN GatewayInternal FailoverIf internal failover is enabled and the administrator is connected to the Firebox SSL VPN G
Administration Guide 147TroubleshootingDevices Cannot Communicate with the Firebox SSL VPN GatewayVerify that the following are correctly set up:• The
Troubleshooting148 Firebox SSL VPN GatewayClient Connections from a Windows Server 2003 If a connection to the Firebox SSL VPN Gateway is made from a
Administration Guide 149APPENDIX B Using Firewalls with Firebox SSL VPN GatewayIf a user cannot establish a connection to the Firebox SSL VPN Gateway
Online Help6 Firebox SSL VPN GatewayThis forum has different categories that you can use to look for information. The Technical Support team controls
BlackICE PC Protection150 Firebox SSL VPN GatewayTo view Secure Access Client status properties Double-click the Secure Access Client connection icon
Administration Guide 151Norton Personal Firewall.Norton Personal FirewallIf you are using the default Norton Personal Firewall settings, you can simpl
ZoneAlarm Pro152 Firebox SSL VPN GatewayTo configure the settings, open the Tiny Personal Firewall administration window, click the Advanced button to
Administration Guide 153APPENDIX C Installing Windows CertificatesThe Firebox SSL VPN Gateway includes the Certificate Request Generator to automatica
Unencrypting the Private Key154 Firebox SSL VPN Gateway12 Click Next to start the installation.After Cygwin installs, you can generate the CSR.These i
Administration Guide 155Converting to a PEM-Formatted CertificateFor information about downloading OpenSSL for Windows, see the SourceForge Web site a
Generating Trusted Certificates for Multiple Levels156 Firebox SSL VPN GatewayTo combine the private key with the signed certificate1 Use a text edito
Administration Guide 157Generating Trusted Certificates for Multiple LevelsIntermediate Certificate 0 Intermediate Certificate 1 Intermediate Certific
Generating Trusted Certificates for Multiple Levels158 Firebox SSL VPN Gateway
Administration Guide 159APPENDIX D Examples of Configuring Network AccessAfter the Firebox SSL VPN Gateway is installed and configured to operate in y
Administration Guide 7Training and CertificationService timeWe try for a maximum response time of four hours.Single Incident Priority Response Upgrade
Scenario 1: Configuring LDAP Authentication and Authorization160 Firebox SSL VPN GatewayBefore reading the examples in this chapter, you should become
Administration Guide 161Scenario 1: Configuring LDAP Authentication and Authorization• Determining the Sales and Engineering users who need remote acc
Scenario 1: Configuring LDAP Authentication and Authorization162 Firebox SSL VPN GatewayFor example, if the Firebox SSL VPN Gateway operates with the
Administration Guide 163Scenario 1: Configuring LDAP Authentication and Authorization• LDAP Server port. The port on which the LDAP server listens for
Scenario 1: Configuring LDAP Authentication and Authorization164 Firebox SSL VPN GatewayThis task includes these five procedures: • Configuring access
Administration Guide 165Scenario 1: Configuring LDAP Authentication and AuthorizationCreating an LDAP Authentication and Authorization Realm Creating
Scenario 1: Configuring LDAP Authentication and Authorization166 Firebox SSL VPN GatewayCreating the Appropriate Groups on the Firebox SSL VPN Gateway
Administration Guide 167Scenario 1: Configuring LDAP Authentication and Authorization4 In Network/Subnet, type these two IP address/subnet pairs for t
Scenario 1: Configuring LDAP Authentication and Authorization168 Firebox SSL VPN Gatewaythe 10.0.20.x resource and allow access to the 10.0.x.x resour
Administration Guide 169Scenario 2: Creating Guest Accounts Using the Local Users List5 In the left pane, click the "Email server" network r
Training and Certification8 Firebox SSL VPN Gatewaya certification exam. The training materials include links to books and web sites with more informa
Scenario 2: Creating Guest Accounts Using the Local Users List170 Firebox SSL VPN GatewayAn administrator can also create a list of local users on the
Administration Guide 171Scenario 2: Creating Guest Accounts Using the Local Users ListTo create a guest authentication realm for the guest users 1 In
Scenario 3: Configuring Local Authorization for Local Users172 Firebox SSL VPN GatewaySilvio and Lisa are authorized to access any resource defined in
Administration Guide 173APPENDIX E Legal and Copyright InformationGNU GENERAL PUBLIC LICENSE FOR LINUX KERNEL AS PROVIDED WITH FIREBOX SSL Firebox SS
174 Firebox SSL VPN Gateway We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal p
Administration Guide 175 change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from
176 Firebox SSL VPN Gateway be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
Administration Guide 177If any portion of this section is held invalid or unenforceable under any particular circumstance, the bal-ance of the section
178 Firebox SSL VPN Gateway 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPY-RIGHT HOLDER, OR ANY OTHER PARTY
Administration Guide 179 This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.The
Administration Guide 9CHAPTER 2 Introduction to Firebox SSL VPN GatewayWatchGuard Firebox SSL VPN Gateway is a universal Secure Socket Layer (SSL) vir
180 Firebox SSL VPN Gateway
Administration Guide 181IndexAaccess control list 56, 97allow and deny rules 98deny access 15, 58deny access without ACL 57, 88Access Policy Manager t
182 Firebox SSL VPN GatewayAuthentication tabLDAP 74authorization 15configuring 61LDAP 65, 73LDAP and RSA/ACE Server 81local users 65RADIUS 69, 72Bbac
Administration Guide 183removing 105Ethereal Network Analyzer 141unencrypted traffic 27Ethereal Network Monitor 17external access 15Ffailover 48applia
184 Firebox SSL VPN Gatewaypersistence 104Remote Desktop Client 130shared network drives, using 128SSH client 130Telnet 3270 Emulator client 131using
Administration Guide 185ping 46command 33, 145from xNetTools 141policiesaccess control lists 56IP pooling 94network access 56portal pages 38, 41settin
186 Firebox SSL VPN Gatewayconnection to 28service scanner 141session timeout 15, 88, 92settingsGeneral Networking 47shared network drives 128shared
Administration Guide 187failover servers 55General Networking 14, 47logging 14, 137managing licenses 15, 36Name Service Providers 14, 47Network Time P
188 Firebox SSL VPN Gateway
ii Firebox SSL VPN GatewayADDRESS:505 Fifth Avenue SouthSuite 500Seattle, WA 98104SUPPORT: www.watchguard.com/[email protected]. and C
Overview10 Firebox SSL VPN GatewayAs shown in the following illustration, the Firebox SSL VPN Gateway is appropriate for employees accessing the organ
Administration Guide 11New FeaturesThe virtual TCP circuit is using industry standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) enc
New Features12 Firebox SSL VPN GatewaySecure Access Client connectionsThe Secure Access Client included in this release can connect to earlier version
Administration Guide 13FeaturesNTLM authentication and authorization support. If your environment includes Windows NT 4.0 domain controllers, the Fire
Features14 Firebox SSL VPN Gateway• Date and time configuration• Certificate generation and installation• Restarting and shutting down the Firebox SSL
Administration Guide 15FeaturesServer UpgradeVPN Gateway Cluster > AdministrationServer RestartVPN Gateway Cluster > AdministrationServer Shut D
The User Experience16 Firebox SSL VPN GatewayFeature SummaryThe following are key Firebox SSL VPN Gateway features:• Universal SSL VPN. Supports all a
Administration Guide 17Deployment and AdministrationSecure Access Client by typing a secure Web address in a standard Web browser and providing authen
Planning your deployment18 Firebox SSL VPN GatewayAdministration Desktop also provides access to the Real-Time Monitor, where you can view a list of c
Administration Guide 19Planning for Security with the Firebox SSL VPN GatewayWhen an Firebox SSL VPN Gateway is deployed in the secure network, the Se
Admin Guide iiiContentsCHAPTER 1 Getting Started with Firebox SSL VPN Gateway ... 1Audience ...
Installing the Firebox SSL VPN Gateway for the First Time20 Firebox SSL VPN GatewayDeploying Additional Appliances for Load Balancing and Failover You
Administration Guide 21Installing the Firebox SSL VPN Gateway for the First Time• The Firebox SSL VPN Gateway FQDN for network address translation (NA
Installing the Firebox SSL VPN Gateway for the First Time22 Firebox SSL VPN Gateway• [4] Display Log displays the Firebox SSL VPN Gateway log • [5] Re
Administration Guide 23Installing the Firebox SSL VPN Gateway for the First TimeTo configure TCP/IP Settings Using Network Cables The Firebox SSL VPN
Using the Firebox SSL VPN Gateway24 Firebox SSL VPN GatewayFor information about the relationship between the Default Gateway and dynamic or static ro
Administration Guide 25Using the Firebox SSL VPN Gateway• After downloading the Secure Access Client, the user logs on. When the user successfully aut
Using the Firebox SSL VPN Gateway26 Firebox SSL VPN GatewayEstablishing the Secure TunnelAfter the Secure Access Client is started, it establishes a s
Administration Guide 27Using the Firebox SSL VPN GatewayNAT firewalls maintain a table that allows them to route secure packets from the Firebox SSL V
Using the Firebox SSL VPN Gateway28 Firebox SSL VPN Gatewaywork, no attempt is made by either the client or the server applications to regenerate them
Administration Guide 29Using the Firebox SSL VPN Gatewaypublic address. The external public address ensures that the redirected client returns to the
iv WatchGuard SSL VPN GatewayDisable kiosk mode ...
Using the Firebox SSL VPN Gateway30 Firebox SSL VPN Gateway
Administration Guide 31CHAPTER 3 Configuring Basic SettingsThis chapter describes Firebox SSL VPN Gateway basic administration, including connecting t
Firebox SSL VPN Gateway Administration Desktop32 Firebox SSL VPN GatewayFirebox SSL VPN Gateway Administration DesktopThe Firebox SSL VPN Gateway Admi
Administration Guide 33Using the Serial Console• Download a sample email for usersAdmin Users TabThe Firebox SSL VPN Gateway has a default administrat
Using the Administration Tool34 Firebox SSL VPN GatewayTo open the serial console1 Connect the RS232 cable to the serial port on the Firebox SSL VPN G
Administration Guide 35Publishing Settings to Multiple Firebox SSL VPN Gateways7In Username and Password, type the Firebox SSL VPN Gateway administrat
Managing Licenses36 Firebox SSL VPN GatewayFirebox SSL VPN Gateway Administration Tool. To apply these license files, see “Managing Licenses” on page
Administration Guide 37Managing LicensesDo not overwrite any .lic files in the license directory. If another file in that directory has the same name,
Blocking External Access to the Administration Portal38 Firebox SSL VPN Gateway5 In a Web browser, type the address of the Firebox SSL VPN Gateway usi
Administration Guide 39Downloading and Working with Portal Page TemplatesBy default, users see a WatchGuard Firebox SSL VPN Gateway portal page when t
Admin Guide vUsing the Serial Console ...
Downloading and Working with Portal Page Templates40 Firebox SSL VPN GatewayTo download the portal page templates to your local computer1 In the Fireb
Administration Guide 41Enabling Portal Page AuthenticationTo install a custom portal page or image on the Firebox SSL VPN Gateway1Click the Portal Pag
Linking to Clients from Your Web Site42 Firebox SSL VPN Gateway<object id="Net6Launch" type="application/x-oleobject" classid=&
Administration Guide 43Connecting Using a Web Addresstication policy check fails, the users receive an error message instructing them to contact their
Saving and Restoring the Configuration44 Firebox SSL VPN GatewaySaving and Restoring the ConfigurationWhen you upgrade the Firebox SSL VPN Gateway, al
Administration Guide 45Restarting the Firebox SSL VPN Gateway2In Upload a Server Upgrade or Saved Config, click Browse. 3 Locate the upgrade file that
Allowing ICMP traffic46 Firebox SSL VPN GatewayTo change the system date and time1 In the Administration Tool, click the VPN Gateway Cluster tab, sele
Administration Guide 47CHAPTER 4 Configuring Firebox SSL VPN Gateway Network ConnectionsThe Firebox SSL VPN Gateway has two network adapters that can
General Networking48 Firebox SSL VPN Gateway•The Routes tab is where dynamic and static routes are configured•The Failover Servers tab is where multip
Administration Guide 49General NetworkingThe Firebox SSL VPN Gateway in the DMZ.For more information, see “Connecting to a Server Load Balancer” on pa
vi WatchGuard SSL VPN GatewayAllowing ICMP traffic ...
Name Service Providers50 Firebox SSL VPN Gateway NoteIP pooling is configured per groups, as described in “Enabling IP Pooling” on page 94.Name Servi
Administration Guide 51Dynamic and Static Routing3Under Edit the HOSTS file, in IP address, enter the IP address that you want to associate with an FQ
Dynamic and Static Routing52 Firebox SSL VPN GatewayConfiguring Dynamic RoutingWhen dynamic routing is selected, the Firebox SSL VPN Gateway operates
Administration Guide 53Dynamic and Static Routing5 In the text box, type a text string that is an exact, case-sensitive match to the authentication st
Dynamic and Static Routing54 Firebox SSL VPN Gateway8On the General Networking tab, click Submit.The route name appears in the Static Routes list.To t
Administration Guide 55Configuring Firebox SSL VPN Gateway FailoverTo set up the static route, you need to establish the path between the eth1 adapter
Controlling Network Access56 Firebox SSL VPN Gatewaynect to port 9001 when you are logged on from an external connection, configure IP pools and conne
Administration Guide 57Enabling Split TunnelingYou can change the default operation so that user groups are denied network access unless they are allo
Denying Access to Groups without an ACL58 Firebox SSL VPN GatewayWhen you enable split tunneling, you must enter a list of accessible networks on the
Administration Guide 59Improving Voice over IP ConnectionsTo deny access to user groups without an ACL1Click the Global Cluster Policies tab.2Under Ac
Admin Guide viiTo disable Firebox SSL VPN Gateway authentication ...68SafeWord Premier
Improving Voice over IP Connections60 Firebox SSL VPN Gateway NoteIf the Improving Voice over IP Connections setting is not selected, the UDP traffic
Administration Guide 61CHAPTER 5 Configuring Authentication and AuthorizationThe Firebox SSL VPN Gateway supports several authentication types includi
Configuring Authentication and Authorization62 Firebox SSL VPN GatewayCommunications between the Firebox SSL VPN Gateway and authentication servers.If
Administration Guide 63Configuring Authentication and AuthorizationConfiguring Authentication without Authorization The Firebox SSL VPN Gateway can be
Configuring Authentication and Authorization64 Firebox SSL VPN GatewayConfiguring Local UsersYou can create user accounts locally on the Firebox SSL V
Administration Guide 65Changing the Authentication Type of the Default RealmTo change a user’s password1On the Access Policy Manager tab, right-click
Changing the Authentication Type of the Default Realm66 Firebox SSL VPN Gateway3On the Action menu, select Remove Default realm.A warning message appe
Administration Guide 67Using SafeWord for AuthenticationRemoving RealmsIf you are retiring an authentication server or removing a domain server, you c
Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication68 Firebox SSL VPN GatewayConfigure a SafeWord realm to authenticate users. The F
Administration Guide 69Using RADIUS Servers for Authentication and AuthorizationIf you are already using SafeWord for Citrix or SafeWord RemoteAccess
viii WatchGuard SSL VPN GatewayEnabling session time-out ...
Using RADIUS Servers for Authentication and Authorization70 Firebox SSL VPN Gateway•Type is the vendor-assigned attribute number.• Attribute name is t
Administration Guide 71Using RADIUS Servers for Authentication and Authorization18 In the Add Attributes dialog box, select Vendor-Specific and click
Using RADIUS Servers for Authentication and Authorization72 Firebox SSL VPN GatewayTo specify RADIUS server authentication1Click the Authentication ta
Administration Guide 73Using LDAP Servers for Authentication and AuthorizationRADIUS authentication. If you synchronize configurations among several F
Using LDAP Servers for Authentication and Authorization74 Firebox SSL VPN GatewayThis table contains examples of the base dnThe following table contai
Administration Guide 75LDAP Authorization8 Select Allow Unsecure Traffic to allow unsecure LDAP connections.When this check box is clear, all LDAP con
LDAP Authorization76 Firebox SSL VPN GatewayGroup memberships from group objects working evaluationsLDAP servers that evaluate group memberships from
Administration Guide 77LDAP AuthorizationThe LDAP Server port defaults to 389. If you are using an indexed database, such as Microsoft Active Director
LDAP Authorization78 Firebox SSL VPN GatewayFor Active Directory, the group name specified as cn=groupname is required. The group name that is defined
Administration Guide 79Using RSA SecurID for AuthenticationHostHost name or IP address of your LDAP server.PortDefaults to 389. Base DNYou can leave t
Admin Guide ixUsing the Access Portal ...
Using RSA SecurID for Authentication80 Firebox SSL VPN GatewayThe Firebox SSL VPN Gateway supports RSA ACE/Server Version 5.2 and higher. The Firebox
Administration Guide 81Using RSA SecurID for Authentication8 To create the configuration file for the new or changed Agent Host, go to Agent Host >
Using RSA SecurID for Authentication82 Firebox SSL VPN GatewayConfiguring RSA Settings for a ClusterIf you have two or more appliances configured as a
Administration Guide 83Using RSA SecurID for Authentication NoteNote: If you are configuring double-source authentication, click Two Source and then
Using RSA SecurID for Authentication84 Firebox SSL VPN Gateway NoteNote: When 0 (zero) is entered as the port, the Access Gateway attempts to automat
Administration Guide 85Configuring Double-Source AuthenticationYou can prevent the storage of one-time passwords in cache, which forces the user to en
Configuring Double-Source Authentication86 Firebox SSL VPN Gatewayand passcode first and then the LDAP password second. Whatever is typed in the first
Administration Guide 87CHAPTER 6 Adding and Configuring Local Users and User Groups User groups define the resources the user has access to when conne
User Group Overview88 Firebox SSL VPN Gateway5 All users are members of the Default resource group. To add a user to another group, under Local Users,
Administration Guide 89Creating User GroupsGroup resources include:• Network resources that define the networks to which clients can connect.• Applica
Comments to this Manuals