WatchGuard Technologies Water Heater SSL VPN User Manual

Browse online or download User Manual for Software WatchGuard Technologies Water Heater SSL VPN. WatchGuard Technologies Water Heater SSL VPN User's Manual


Summary of Contents

Page 1 - Gateway Administration Guide

WatchGuard®Firebox®SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway

Page 2 - ABOUT WATCHGUARD

x WatchGuard SSL VPN GatewayLaunching the v 5.5 Administration Tool ...

Page 3 - Contents

Configuring Properties for a User Group90 Firebox SSL VPN GatewayConfiguring Properties for a User GroupGroup properties include configuring access, n

Page 4

Administration Guide 91Configuring Properties for a User Group NoteIf you want to close a connection and prevent a user or group from reconnecting au

Page 5 - Admin Guide v

Configuring Properties for a User Group92 Firebox SSL VPN Gatewaysupported and do not run. If the domain controller cannot be contacted, the Firebox

Page 6

Administration Guide 93Configuring Properties for a User GroupConfiguring Web Session Time-Outs When a user is logged on to the Firebox SSL VPN Gatewa

Page 7 - Admin Guide vii

Configuring Properties for a User Group94 Firebox SSL VPN Gateway2 On the General tab, under Application Options, select Deny applications without pol

Page 8

Administration Guide 95Configuring Properties for a User GroupChoosing a portal page for a groupBy default, all users log on to the Firebox SSL VPN Ga

Page 9 - Admin Guide ix

Configuring Resources for a User Group96 Firebox SSL VPN Gateway NoteClient certificate configuration is not available for the default user group.To

Page 10

Administration Guide 97Configuring Resources for a User Groupa network resource specifying the networks to which users can connect. If you have a rest

Page 11 - VPN Gateway

Configuring Resources for a User Group98 Firebox SSL VPN Gateway• Kiosk resources that define how the user can log on and which file shares and applic

Page 12 - Document Conventions

Administration Guide 99Configuring Resources for a User GroupTo configure resource access control for a group1 Click the Access Policy Manager tab.2 I

Page 13 - Administration Guide 3

Administration Guide 1CHAPTER 1 Getting Started with Firebox SSL VPN GatewayThis chapter describes who should read the Firebox SSL VPN Gateway Adminis

Page 14 - Instant Answers

Configuring Resources for a User Group100 Firebox SSL VPN Gateway• You can further restrict access by specifying a port and protocol for an IP address

Page 15 - WatchGuard Users Forum

Administration Guide 101Configuring Resources for a User Group• Deny rules take precedence over allow rules. This enables you to allow access to a ran

Page 16 - Technical Support

Configuring Resources for a User Group102 Firebox SSL VPN GatewayTo add an application policy to a group1 On the Access Policy Manager tab, in the rig

Page 17 - Training and Certification

Administration Guide 103Configuring Resources for a User GroupTo create a file share resource1 Click the Access Policy Manager tab.2 In the right pane

Page 18 - 8 Firebox SSL VPN Gateway

Configuring Resources for a User Group104 Firebox SSL VPN Gateway3 To add a file share, under File Share Resources, drag the resource to Shares under

Page 19 - Overview

Administration Guide 105Configuring Resources for a User Group8 If you selected Process Rule, do the following: -Click Process Rule. -In Process Name,

Page 20 - 10 Firebox SSL VPN Gateway

Setting the Priority of Groups106 Firebox SSL VPN Gateway2 In the right pane, right-click End Point Policies and then click New End Point Policy. 3 Ty

Page 21 - New Features

Administration Guide 107Setting the Priority of GroupsThe following two settings are unioned together. For these settings, they are combined among all

Page 22 - 12 Firebox SSL VPN Gateway

Setting the Priority of Groups108 Firebox SSL VPN Gateway

Page 23 - Features

Administration Guide 109CHAPTER 7 Creating and Installing Secure CertificatesThe Firebox SSL VPN Gateway uses certificates for authentication. In the

Page 24

Document Conventions2 Firebox SSL VPN GatewayDocument ConventionsFirebox SSL VPN Gateway documentation uses the following typographic conventions for

Page 25

Digital Certificates and Firebox SSL VPN Gateway Operation110 Firebox SSL VPN Gateway• Install a PEM certificate and private key from a Windows comput

Page 26 - The User Experience

Administration Guide 111Overview of the Certificate Signing Requestprivate key from tampering and it is also required when restoring a saved configura

Page 27 - Deployment and Administration

Overview of the Certificate Signing Request112 Firebox SSL VPN Gateway NoteWhen you save the Firebox SSL VPN Gateway configuration, any certificates

Page 28 - Planning your deployment

Administration Guide 113Overview of the Certificate Signing RequestThe root certificate that is installed on the Firebox SSL VPN Gateway has to be in

Page 29 - Authentication Support

Client Certificates114 Firebox SSL VPN Gateway NoteNote: HyperTerminal is not installed automatically on Windows 2000 Server or Windows Server 2003.

Page 30 - 20 Firebox SSL VPN Gateway

Administration Guide 115Client Certificates Installing Root Certificates Support for most trusted root authorities is already built into the Windows o

Page 31 - Administration Guide 21

Requiring Certificates from Internal Connections116 Firebox SSL VPN Gateway3Click Submit. Requiring Certificates from Internal ConnectionsTo increase

Page 32 - 22 Firebox SSL VPN Gateway

Administration Guide 117CHAPTER 8 Working with Client ConnectionsClients can access resources on the corporate network by connecting through the Fireb

Page 33

Using the Access Portal118 Firebox SSL VPN GatewayIf clients are using Mozilla Firefox to connect, pages that require ActiveX, such as the pre-authent

Page 34 - 24 Firebox SSL VPN Gateway

Administration Guide 119Connecting from a Private Computerthe computer is started, users do not have to do anything to create the connection, provided

Page 35 - To configure a proxy server

Administration Guide 3LiveSecurity Service Broadcastslearn more about your WatchGuard Firebox® and network security, or find a WatchGuard Certified Tr

Page 36 - 26 Firebox SSL VPN Gateway

Connecting from a Private Computer120 Firebox SSL VPN Gateway• The Firebox SSL VPN Gateway terminates the SSL tunnel, accepts any incoming traffic des

Page 37 - Administration Guide 27

Administration Guide 121Connecting from a Private Computerthat remote users can access through the VPN connection. For more information, see “Configur

Page 38 - Using Kiosk Mode

Connecting from a Private Computer122 Firebox SSL VPN Gatewaysends its known local IP address to the server by means of a custom client-server protoco

Page 39 - Administration Guide 29

Administration Guide 123Connecting from a Private Computer An email template is provided that includes the information discussed in this section. The

Page 40 - 30 Firebox SSL VPN Gateway

Connecting from a Private Computer124 Firebox SSL VPN GatewayThe Secure Access Client dialog box with the pop-up menu showing Advanced Options4 Under

Page 41 - Configuring Basic Settings

Administration Guide 125Connecting from a Private ComputerTo view the Connection LogThe Connection Log contains real-time connection information that

Page 42 - Downloads Tab

Connecting from a Public Computer126 Firebox SSL VPN GatewayConfiguring Secure Access Client to Work with Non-Administrative UsersIf a user is not log

Page 43 - Using the Serial Console

Administration Guide 127Connecting from a Public Computer• Firefox Web browser. You configure by group whether or not to include the Firefox browser a

Page 44 - Using the Administration Tool

Connecting from a Public Computer128 Firebox SSL VPN GatewayTo create and configure a kiosk resource 1 Click the Access Policy Manager tab. 2 In the r

Page 45 - Unknown Status

Administration Guide 129Client Applications2 Select a file share from File Share Resources and drag it to Shares under File shares in the kiosk resour

Page 46 - Managing Licenses

LiveSecurity Service Self Help Tools4 Firebox SSL VPN GatewayNew from WatchGuardWhen WatchGuard releases a new product, we first tell you — our custom

Page 47 - To install a license file

Client Applications130 Firebox SSL VPN GatewayFirefox Web Browser The Firefox Web browser allows users to connect to the Internet when they are logged

Page 48 - Using Portal Pages

Administration Guide 131Client ApplicationsTo use the SSH client1 From the portal page, choose A public computer and log on.2 In the Web browser, clic

Page 49

Supporting Secure Access Client132 Firebox SSL VPN GatewayTo use Gaim1 From the portal page, choose A public computer and log on.2 In the Web browser,

Page 50 - Using the ActiveX Control

Administration Guide 133Managing Client ConnectionsAn email template is provided that includes the information discussed in this section. The template

Page 51 - Web site

Managing Client Connections134 Firebox SSL VPN GatewayClosing a connection to a resourceWithout disrupting a user’s VPN connection, you can temporaril

Page 52 - Secure Kiosk Access

Administration Guide 135Managing Client Connections2 In the left pane, right-click a group and click Properties. 3 On the General tab, under Session o

Page 53 - Administration Guide 43

Managing Client Connections136 Firebox SSL VPN Gateway

Page 54

Administration Guide 137APPENDIX A Firebox SSL VPN Gateway Monitoring and TroubleshootingThe following topics describe how to use Firebox SSL VPN Gate

Page 55 - Administration Portal

Viewing and Downloading System Message Logs138 Firebox SSL VPN Gateway3Click Logging/Settings.4Under Gateway Log, click Display Logging Window.The log

Page 56 - Allowing ICMP traffic

Administration Guide 139Enabling and Viewing SNMP LogsTo view or download the log, go to the Logging > Configuration tab and click Download W3C Log

Page 57 - Gateway Network Connections

Administration Guide 5WatchGuard Users ForumAdvanced FAQsThe Advanced FAQs (frequently asked questions) give you important information about configura

Page 58 - General Networking

Viewing System Statistics140 Firebox SSL VPN GatewayTo obtain SNMP data for the Firebox SSL VPN Gateway through Multi Router Traffic Grapher (in UNIX)

Page 59 - Administration Guide 49

Administration Guide 141Recovering from a Failure of the Firebox SSL VPN Gatewaybottom right corner, you can view process and network activity levels;

Page 60 - Name Service Providers

Recovering from a Failure of the Firebox SSL VPN Gateway142 Firebox SSL VPN Gateway• apply the v 5.5 software updateReinstalling v 4.9 application sof

Page 61 - Dynamic and Static Routing

Administration Guide 143TroubleshootingTo upgrade to v 5.5.1 In the v5.0 Administration Tool, click the Firebox® SSL VPN Gateway Cluster tab.2On the A

Page 62 - Configuring Dynamic Routing

Troubleshooting144 Firebox SSL VPN GatewayBy default, the Firebox SSL VPN Gateway passes only the user name and password to the Web Interface. To corr

Page 63 - Configuring a Static Route

Administration Guide 145TroubleshootingDefining Accessible NetworksIn the Accessible Networks field on the Global Cluster Policies tab, up to 24 subne

Page 64 - Static Route Example

Troubleshooting146 Firebox SSL VPN GatewayInternal FailoverIf internal failover is enabled and the administrator is connected to the Firebox SSL VPN G

Page 65 - Configuring Internal Failover

Administration Guide 147TroubleshootingDevices Cannot Communicate with the Firebox SSL VPN GatewayVerify that the following are correctly set up:• The

Page 66 - Controlling Network Access

Troubleshooting148 Firebox SSL VPN GatewayClient Connections from a Windows Server 2003 If a connection to the Firebox SSL VPN Gateway is made from a

Page 67 - Enabling Split Tunneling

Administration Guide 149APPENDIX B Using Firewalls with Firebox SSL VPN GatewayIf a user cannot establish a connection to the Firebox SSL VPN Gateway

Page 68 - Configuring User Groups

Online Help6 Firebox SSL VPN GatewayThis forum has different categories that you can use to look for information. The Technical Support team controls

Page 69 - Administration Guide 59

BlackICE PC Protection150 Firebox SSL VPN GatewayTo view Secure Access Client status properties Double-click the Secure Access Client connection icon

Page 70 - 60 Firebox SSL VPN Gateway

Administration Guide 151Norton Personal Firewall.Norton Personal FirewallIf you are using the default Norton Personal Firewall settings, you can simpl

Page 71 - Authorization

ZoneAlarm Pro152 Firebox SSL VPN GatewayTo configure the settings, open the Tiny Personal Firewall administration window, click the Advanced button to

Page 72 - 62 Firebox SSL VPN Gateway

Administration Guide 153APPENDIX C Installing Windows CertificatesThe Firebox SSL VPN Gateway includes the Certificate Request Generator to automatica

Page 73 - The Default Realm

Unencrypting the Private Key154 Firebox SSL VPN Gateway12 Click Next to start the installation.After Cygwin installs, you can generate the CSR.These i

Page 74 - Changing Password for Users

Administration Guide 155Converting to a PEM-Formatted CertificateFor information about downloading OpenSSL for Windows, see the SourceForge Web site a

Page 75 - Configuring the Default Realm

Generating Trusted Certificates for Multiple Levels156 Firebox SSL VPN GatewayTo combine the private key with the signed certificate1 Use a text edito

Page 76 - Creating Additional Realms

Administration Guide 157Generating Trusted Certificates for Multiple LevelsIntermediate Certificate 0 Intermediate Certificate 1 Intermediate Certific

Page 77 - Removing Realms

Generating Trusted Certificates for Multiple Levels158 Firebox SSL VPN Gateway

Page 78 - Authentication

Administration Guide 159APPENDIX D Examples of Configuring Network AccessAfter the Firebox SSL VPN Gateway is installed and configured to operate in y

Page 79 - Administration Guide 69

Administration Guide 7Training and CertificationService timeWe try for a maximum response time of four hours.Single Incident Priority Response Upgrade

Page 80 - 70 Firebox SSL VPN Gateway

Scenario 1: Configuring LDAP Authentication and Authorization160 Firebox SSL VPN GatewayBefore reading the examples in this chapter, you should become

Page 81

Administration Guide 161Scenario 1: Configuring LDAP Authentication and Authorization• Determining the Sales and Engineering users who need remote acc

Page 82

Scenario 1: Configuring LDAP Authentication and Authorization162 Firebox SSL VPN GatewayFor example, if the Firebox SSL VPN Gateway operates with the

Page 83 - LDAP authentication

Administration Guide 163Scenario 1: Configuring LDAP Authentication and Authorization• LDAP Server port. The port on which the LDAP server listens for

Page 84 - LDAP Directory” on page 78

Scenario 1: Configuring LDAP Authentication and Authorization164 Firebox SSL VPN GatewayThis task includes these five procedures: • Configuring access

Page 85 - LDAP Authorization

Administration Guide 165Scenario 1: Configuring LDAP Authentication and AuthorizationCreating an LDAP Authentication and Authorization Realm Creating

Page 86

Scenario 1: Configuring LDAP Authentication and Authorization166 Firebox SSL VPN GatewayCreating the Appropriate Groups on the Firebox SSL VPN Gateway

Page 87 - Administration Guide 77

Administration Guide 167Scenario 1: Configuring LDAP Authentication and Authorization4 In Network/Subnet, type these two IP address/subnet pairs for t

Page 88 - 78 Firebox SSL VPN Gateway

Scenario 1: Configuring LDAP Authentication and Authorization168 Firebox SSL VPN Gatewaythe 10.0.20.x resource and allow access to the 10.0.x.x resour

Page 89 - To look up LDAP attributes

Administration Guide 169Scenario 2: Creating Guest Accounts Using the Local Users List5 In the left pane, click the "Email server" network r

Page 90 - 80 Firebox SSL VPN Gateway

Training and Certification8 Firebox SSL VPN Gatewaya certification exam. The training materials include links to books and web sites with more informa

Page 91

Scenario 2: Creating Guest Accounts Using the Local Users List170 Firebox SSL VPN GatewayAn administrator can also create a list of local users on the

Page 92 - Resetting the node secret

Administration Guide 171Scenario 2: Creating Guest Accounts Using the Local Users ListTo create a guest authentication realm for the guest users 1 In

Page 93

Scenario 3: Configuring Local Authorization for Local Users172 Firebox SSL VPN GatewaySilvio and Lisa are authorized to access any resource defined in

Page 94 - 84 Firebox SSL VPN Gateway

Administration Guide 173APPENDIX E Legal and Copyright InformationGNU GENERAL PUBLIC LICENSE FOR LINUX KERNEL AS PROVIDED WITH FIREBOX SSL Firebox SS

Page 95 - Administration Guide 85

174 Firebox SSL VPN Gateway We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal p

Page 96 - Changing Password Labels

Administration Guide 175 change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from

Page 97 - Adding Local Users

176 Firebox SSL VPN Gateway be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

Page 98 - User Group Overview

Administration Guide 177If any portion of this section is held invalid or unenforceable under any particular circumstance, the bal-ance of the section

Page 99 - Creating User Groups

178 Firebox SSL VPN Gateway 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPY-RIGHT HOLDER, OR ANY OTHER PARTY

Page 100 - Forcing Users to Log on Again

Administration Guide 179 This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.The

Page 101 - Enabling domain logon scripts

Administration Guide 9CHAPTER 2 Introduction to Firebox SSL VPN GatewayWatchGuard Firebox SSL VPN Gateway is a universal Secure Socket Layer (SSL) vir

Page 102 - Enabling session time-out

180 Firebox SSL VPN Gateway

Page 103 - Setting Application Options

Administration Guide 181IndexAaccess control list 56, 97allow and deny rules 98deny access 15, 58deny access without ACL 57, 88Access Policy Manager t

Page 104 - Enabling IP Pooling

182 Firebox SSL VPN GatewayAuthentication tabLDAP 74authorization 15configuring 61LDAP 65, 73LDAP and RSA/ACE Server 81local users 65RADIUS 69, 72Bbac

Page 105 - 4 Click OK

Administration Guide 183removing 105Ethereal Network Analyzer 141unencrypted traffic 27Ethereal Network Monitor 17external access 15Ffailover 48applia

Page 106 - Global policies

184 Firebox SSL VPN Gatewaypersistence 104Remote Desktop Client 130shared network drives, using 128SSH client 130Telnet 3270 Emulator client 131using

Page 107 - Group resources include:

Administration Guide 185ping 46command 33, 145from xNetTools 141policiesaccess control lists 56IP pooling 94network access 56portal pages 38, 41settin

Page 108 - 98 Firebox SSL VPN Gateway

186 Firebox SSL VPN Gatewayconnection to 28service scanner 141session timeout 15, 88, 92settingsGeneral Networking 47shared network drives 128shared

Page 109 - Defining network resources

Administration Guide 187failover servers 55General Networking 14, 47logging 14, 137managing licenses 15, 36Name Service Providers 14, 47Network Time P

Page 110 - 100 Firebox SSL VPN Gateway

188 Firebox SSL VPN Gateway

Page 111 - Application policies

ii Firebox SSL VPN GatewayADDRESS:505 Fifth Avenue SouthSuite 500Seattle, WA 98104SUPPORT: www.watchguard.com/[email protected]. and C

Page 112 - Deny. Click OK

Overview10 Firebox SSL VPN GatewayAs shown in the following illustration, the Firebox SSL VPN Gateway is appropriate for employees accessing the organ

Page 113 - Configuring kiosk mode

Administration Guide 11New FeaturesThe virtual TCP circuit is using industry standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) enc

Page 114 - 104 Firebox SSL VPN Gateway

New Features12 Firebox SSL VPN GatewaySecure Access Client connectionsThe Secure Access Client included in this release can connect to earlier version

Page 115

Administration Guide 13FeaturesNTLM authentication and authorization support. If your environment includes Windows NT 4.0 domain controllers, the Fire

Page 116 - 106 Firebox SSL VPN Gateway

Features14 Firebox SSL VPN Gateway• Date and time configuration• Certificate generation and installation• Restarting and shutting down the Firebox SSL

Page 117 - Administration Guide 107

Administration Guide 15FeaturesServer UpgradeVPN Gateway Cluster > AdministrationServer RestartVPN Gateway Cluster > AdministrationServer Shut D

Page 118 - 108 Firebox SSL VPN Gateway

The User Experience16 Firebox SSL VPN GatewayFeature SummaryThe following are key Firebox SSL VPN Gateway features:• Universal SSL VPN. Supports all a

Page 119 - Certificates

Administration Guide 17Deployment and AdministrationSecure Access Client by typing a secure Web address in a standard Web browser and providing authen

Page 120 - 110 Firebox SSL VPN Gateway

Planning your deployment18 Firebox SSL VPN GatewayAdministration Desktop also provides access to the Real-Time Monitor, where you can view a list of c

Page 121 - Administration Guide 111

Administration Guide 19Planning for Security with the Firebox SSL VPN GatewayWhen an Firebox SSL VPN Gateway is deployed in the secure network, the Se

Page 122 - 112 Firebox SSL VPN Gateway

Admin Guide iiiContentsCHAPTER 1 Getting Started with Firebox SSL VPN Gateway ... 1Audience ...

Page 123 - Administration Guide 113

Installing the Firebox SSL VPN Gateway for the First Time20 Firebox SSL VPN GatewayDeploying Additional Appliances for Load Balancing and Failover You

Page 124 - Client Certificates

Administration Guide 21Installing the Firebox SSL VPN Gateway for the First Time• The Firebox SSL VPN Gateway FQDN for network address translation (NA

Page 125 - Installing Root Certificates

Installing the Firebox SSL VPN Gateway for the First Time22 Firebox SSL VPN Gateway• [4] Display Log displays the Firebox SSL VPN Gateway log • [5] Re

Page 126 - Wildcard Certificates

Administration Guide 23Installing the Firebox SSL VPN Gateway for the First TimeTo configure TCP/IP Settings Using Network Cables The Firebox SSL VPN

Page 127 - System Requirements

Using the Firebox SSL VPN Gateway24 Firebox SSL VPN GatewayFor information about the relationship between the Default Gateway and dynamic or static ro

Page 128 - Using the Access Portal

Administration Guide 25Using the Firebox SSL VPN Gateway• After downloading the Secure Access Client, the user logs on. When the user successfully aut

Page 129 - Administration Guide 119

Using the Firebox SSL VPN Gateway26 Firebox SSL VPN GatewayEstablishing the Secure TunnelAfter the Secure Access Client is started, it establishes a s

Page 130 - 120 Firebox SSL VPN Gateway

Administration Guide 27Using the Firebox SSL VPN GatewayNAT firewalls maintain a table that allows them to route secure packets from the Firebox SSL V

Page 131 - Administration Guide 121

Using the Firebox SSL VPN Gateway28 Firebox SSL VPN Gatewaywork, no attempt is made by either the client or the server applications to regenerate them

Page 132 - ActiveX Helper

Administration Guide 29Using the Firebox SSL VPN Gatewaypublic address. The external public address ensures that the redirected client returns to the

Page 133 - Administration Guide 123

iv WatchGuard SSL VPN GatewayDisable kiosk mode ...

Page 134 - 124 Firebox SSL VPN Gateway

Using the Firebox SSL VPN Gateway30 Firebox SSL VPN Gateway

Page 135 - Administration Guide 125

Administration Guide 31CHAPTER 3 Configuring Basic SettingsThis chapter describes Firebox SSL VPN Gateway basic administration, including connecting t

Page 136 - Connections Using Kiosk Mode

Firebox SSL VPN Gateway Administration Desktop32 Firebox SSL VPN GatewayFirebox SSL VPN Gateway Administration DesktopThe Firebox SSL VPN Gateway Admi

Page 137 - To enable kiosk mode

Administration Guide 33Using the Serial Console• Download a sample email for usersAdmin Users TabThe Firebox SSL VPN Gateway has a default administrat

Page 138 - 128 Firebox SSL VPN Gateway

Using the Administration Tool34 Firebox SSL VPN GatewayTo open the serial console1 Connect the RS232 cable to the serial port on the Firebox SSL VPN G

Page 139 - Client Applications

Administration Guide 35Publishing Settings to Multiple Firebox SSL VPN Gateways7In Username and Password, type the Firebox SSL VPN Gateway administrat

Page 140 - SSH Client

Managing Licenses36 Firebox SSL VPN GatewayFirebox SSL VPN Gateway Administration Tool. To apply these license files, see “Managing Licenses” on page

Page 141 - Gaim Instant Messenging

Administration Guide 37Managing LicensesDo not overwrite any .lic files in the license directory. If another file in that directory has the same name,

Page 142 - 132 Firebox SSL VPN Gateway

Blocking External Access to the Administration Portal38 Firebox SSL VPN Gateway5 In a Web browser, type the address of the Firebox SSL VPN Gateway usi

Page 143 - Managing Client Connections

Administration Guide 39Downloading and Working with Portal Page TemplatesBy default, users see a WatchGuard Firebox SSL VPN Gateway portal page when t

Page 144 - Disabling and enabling a user

Admin Guide vUsing the Serial Console ...

Page 145

Downloading and Working with Portal Page Templates40 Firebox SSL VPN GatewayTo download the portal page templates to your local computer1 In the Fireb

Page 146 - 136 Firebox SSL VPN Gateway

Administration Guide 41Enabling Portal Page AuthenticationTo install a custom portal page or image on the Firebox SSL VPN Gateway1Click the Portal Pag

Page 147 - Firebox SSL VPN Gateway

Linking to Clients from Your Web Site42 Firebox SSL VPN Gateway<object id="Net6Launch" type="application/x-oleobject" classid=&

Page 148 - Field Description

Administration Guide 43Connecting Using a Web Addresstication policy check fails, the users receive an error message instructing them to contact their

Page 149

Saving and Restoring the Configuration44 Firebox SSL VPN GatewaySaving and Restoring the ConfigurationWhen you upgrade the Firebox SSL VPN Gateway, al

Page 150 - Viewing System Statistics

Administration Guide 45Restarting the Firebox SSL VPN Gateway2In Upload a Server Upgrade or Saved Config, click Browse. 3 Locate the upgrade file that

Page 151 - Administration Guide 141

Allowing ICMP traffic46 Firebox SSL VPN GatewayTo change the system date and time1 In the Administration Tool, click the VPN Gateway Cluster tab, sele

Page 152 - Upgrading to SSL v 5.5

Administration Guide 47CHAPTER 4 Configuring Firebox SSL VPN Gateway Network ConnectionsThe Firebox SSL VPN Gateway has two network adapters that can

Page 153 - Troubleshooting

General Networking48 Firebox SSL VPN Gateway•The Routes tab is where dynamic and static routes are configured•The Failover Servers tab is where multip

Page 154 - Other Issues

Administration Guide 49General NetworkingThe Firebox SSL VPN Gateway in the DMZ.For more information, see “Connecting to a Server Load Balancer” on pa

Page 155 - Administration Guide 145

vi WatchGuard SSL VPN GatewayAllowing ICMP traffic ...

Page 156 - 146 Firebox SSL VPN Gateway

Name Service Providers50 Firebox SSL VPN Gateway NoteIP pooling is configured per groups, as described in “Enabling IP Pooling” on page 94.Name Servi

Page 157 - Administration Guide 147

Administration Guide 51Dynamic and Static Routing3Under Edit the HOSTS file, in IP address, enter the IP address that you want to associate with an FQ

Page 158 - WINS Entries

Dynamic and Static Routing52 Firebox SSL VPN GatewayConfiguring Dynamic RoutingWhen dynamic routing is selected, the Firebox SSL VPN Gateway operates

Page 159

Administration Guide 53Dynamic and Static Routing5 In the text box, type a text string that is an exact, case-sensitive match to the authentication st

Page 160 - McAfee Personal Firewall Plus

Dynamic and Static Routing54 Firebox SSL VPN Gateway8On the General Networking tab, click Submit.The route name appears in the Static Routes list.To t

Page 161 - Tiny Personal Firewall

Administration Guide 55Configuring Firebox SSL VPN Gateway FailoverTo set up the static route, you need to establish the path between the eth1 adapter

Page 162 - ZoneAlarm Pro

Controlling Network Access56 Firebox SSL VPN Gatewaynect to port 9001 when you are logged on from an external connection, configure IP pools and conne

Page 163 - To install Cygwin

Administration Guide 57Enabling Split TunnelingYou can change the default operation so that user groups are denied network access unless they are allo

Page 164 - Unencrypting the Private Key

Denying Access to Groups without an ACL58 Firebox SSL VPN GatewayWhen you enable split tunneling, you must enter a list of accessible networks on the

Page 165 - 1 Run the command:

Administration Guide 59Improving Voice over IP ConnectionsTo deny access to user groups without an ACL1Click the Global Cluster Policies tab.2Under Ac

Page 166 - 156 Firebox SSL VPN Gateway

Admin Guide viiTo disable Firebox SSL VPN Gateway authentication ...68SafeWord Premier

Page 167 - Intermediate Certificate 2

Improving Voice over IP Connections60 Firebox SSL VPN Gateway NoteIf the Improving Voice over IP Connections setting is not selected, the UDP traffic

Page 168 - 158 Firebox SSL VPN Gateway

Administration Guide 61CHAPTER 5 Configuring Authentication and AuthorizationThe Firebox SSL VPN Gateway supports several authentication types includi

Page 169 - Administration Guide 159

Configuring Authentication and Authorization62 Firebox SSL VPN GatewayCommunications between the Firebox SSL VPN Gateway and authentication servers.If

Page 170 - 160 Firebox SSL VPN Gateway

Administration Guide 63Configuring Authentication and AuthorizationConfiguring Authentication without Authorization The Firebox SSL VPN Gateway can be

Page 171 - Administration Guide 161

Configuring Authentication and Authorization64 Firebox SSL VPN GatewayConfiguring Local UsersYou can create user accounts locally on the Firebox SSL V

Page 172 - 162 Firebox SSL VPN Gateway

Administration Guide 65Changing the Authentication Type of the Default RealmTo change a user’s password1On the Access Policy Manager tab, right-click

Page 173 - Resources

Changing the Authentication Type of the Default Realm66 Firebox SSL VPN Gateway3On the Action menu, select Remove Default realm.A warning message appe

Page 174 - 164 Firebox SSL VPN Gateway

Administration Guide 67Using SafeWord for AuthenticationRemoving RealmsIf you are retiring an authentication server or removing a domain server, you c

Page 175 - Administration Guide 165

Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication68 Firebox SSL VPN GatewayConfigure a SafeWord realm to authenticate users. The F

Page 176 - 166 Firebox SSL VPN Gateway

Administration Guide 69Using RADIUS Servers for Authentication and AuthorizationIf you are already using SafeWord for Citrix or SafeWord RemoteAccess

Page 177 - Administration Guide 167

viii WatchGuard SSL VPN GatewayEnabling session time-out ...

Page 178 - 168 Firebox SSL VPN Gateway

Using RADIUS Servers for Authentication and Authorization70 Firebox SSL VPN Gateway•Type is the vendor-assigned attribute number.• Attribute name is t

Page 179 - Administration Guide 169

Administration Guide 71Using RADIUS Servers for Authentication and Authorization18 In the Add Attributes dialog box, select Vendor-Specific and click

Page 180 - 170 Firebox SSL VPN Gateway

Using RADIUS Servers for Authentication and Authorization72 Firebox SSL VPN GatewayTo specify RADIUS server authentication1Click the Authentication ta

Page 181 - Creating Local Users

Administration Guide 73Using LDAP Servers for Authentication and AuthorizationRADIUS authentication. If you synchronize configurations among several F

Page 182 - 172 Firebox SSL VPN Gateway

Using LDAP Servers for Authentication and Authorization74 Firebox SSL VPN GatewayThis table contains examples of the base dnThe following table contai

Page 183 - Administration Guide 173

Administration Guide 75LDAP Authorization8 Select Allow Unsecure Traffic to allow unsecure LDAP connections.When this check box is clear, all LDAP con

Page 184 - 174 Firebox SSL VPN Gateway

LDAP Authorization76 Firebox SSL VPN GatewayGroup memberships from group objects working evaluationsLDAP servers that evaluate group memberships from

Page 185 - Administration Guide 175

Administration Guide 77LDAP AuthorizationThe LDAP Server port defaults to 389. If you are using an indexed database, such as Microsoft Active Director

Page 186 - 176 Firebox SSL VPN Gateway

LDAP Authorization78 Firebox SSL VPN GatewayFor Active Directory, the group name specified as cn=groupname is required. The group name that is defined

Page 187 - Administration Guide 177

Administration Guide 79Using RSA SecurID for AuthenticationHostHost name or IP address of your LDAP server.PortDefaults to 389. Base DNYou can leave t

Page 188 - 178 Firebox SSL VPN Gateway

Admin Guide ixUsing the Access Portal ...

Page 189 - Administration Guide 179

Using RSA SecurID for Authentication80 Firebox SSL VPN GatewayThe Firebox SSL VPN Gateway supports RSA ACE/Server Version 5.2 and higher. The Firebox

Page 190 - 180 Firebox SSL VPN Gateway

Administration Guide 81Using RSA SecurID for Authentication8 To create the configuration file for the new or changed Agent Host, go to Agent Host >

Page 191

Using RSA SecurID for Authentication82 Firebox SSL VPN GatewayConfiguring RSA Settings for a ClusterIf you have two or more appliances configured as a

Page 192

Administration Guide 83Using RSA SecurID for Authentication NoteNote: If you are configuring double-source authentication, click Two Source and then

Page 193

Using RSA SecurID for Authentication84 Firebox SSL VPN Gateway NoteNote: When 0 (zero) is entered as the port, the Access Gateway attempts to automat

Page 194

Administration Guide 85Configuring Double-Source AuthenticationYou can prevent the storage of one-time passwords in cache, which forces the user to en

Page 195

Configuring Double-Source Authentication86 Firebox SSL VPN Gatewayand passcode first and then the LDAP password second. Whatever is typed in the first

Page 196

Administration Guide 87CHAPTER 6 Adding and Configuring Local Users and User Groups User groups define the resources the user has access to when conne

Page 197

User Group Overview88 Firebox SSL VPN Gateway5 All users are members of the Default resource group. To add a user to another group, under Local Users,

Page 198 - 188 Firebox SSL VPN Gateway

Administration Guide 89Creating User GroupsGroup resources include:• Network resources that define the networks to which clients can connect.• Applica
