Enabling Split DNS; Enabling IP Pooling - WatchGuard SSL 1000 User Manual

Configuring Properties for a User Group
2. On the General tab, under Application Options, select Deny applications without policies.
   For more information about application policies, see "Application policies" on page 101.
   For more information about endpoint policies, see "End point resources and policies" on page 104.

Enabling Split DNS

By default, the Firebox SSL VPN Gateway checks a user's remote DNS only. You can allow failover to a
user's local DNS by enabling split DNS. A user can override this setting using the Connection
Properties dialog box from the Secure Access logon screen.
To allow failover to a user's local DNS
1. Click the Access Policy Manager tab.
2. In the left pane, right-click a group and click Properties.
3. On the Networking tab, click Enable split-DNS.
   The Firebox SSL VPN Gateway fails over to the local DNS only if the specified DNS servers cannot be
   contacted. It does not fail over when a DNS server returns a negative response.
4. Click OK.

Enabling IP Pooling

In some situations, users connecting using Secure Access Client need a unique IP address for the Firebox
SSL VPN Gateway. For example, in a Samba environment, each user connecting to a mapped network
drive needs to appear to originate from a different IP address. When you enable IP pooling for a group,
the Firebox SSL VPN Gateway can assign a unique IP address alias to each client's session.
You can specify the gateway device to be used for IP pooling. The gateway device can be the Firebox SSL
VPN Gateway itself or some other device. If you do not specify a gateway, a Firebox SSL VPN Gateway
interface is used, based on the General Networking settings, as follows:
• If you configured only Interface 0 (the Firebox SSL VPN Gateway is inside your firewall), the
Interface 0 IP address is used as the gateway.
• If you configured Interfaces 0 and 1 (the Firebox SSL VPN Gateway is in the DMZ), the Interface 1
IP address is used as the gateway. (Interface 1 is considered the internal interface in this scenario.)
To configure IP pooling for a group
1. Click the Access Policy Manager tab.
2. In the left pane, right-click a user group and click Properties.
3. On the Networking tab, click Enable IP pools.
4. Under IP Pool Configuration, right-click a gateway and then click Modify Gateway Pool.
5. In Starting IP Address, type the starting IP address for the pool.
6. In Number of IP Addresses, type the number of IP address aliases. You can have as many as 2000 IP
   addresses total in all IP pools.
7. In Default Gateway, type the gateway IP address.
   If you leave this field blank, a Firebox SSL VPN Gateway network adapter is used, as described earlier in this
   section. If you specify some other device as the gateway, the Firebox SSL VPN Gateway adds an entry for that route
   in the Firebox SSL VPN Gateway routing table.
8. Click OK.
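The following planning check is an added example, not part of the WatchGuard manual or product. It works out the address range each pool will occupy, applies the 2000-alias total and the default-gateway fallback rule described in this section, and flags two conditions that are assumptions of this example rather than documented limits: pools that overlap and a gateway address that falls inside its own pool. Group names and addresses are constructed.

```python
import ipaddress

MAX_ALIASES = 2000  # limit stated in the manual: total across all IP pools


def pool_range(start, count):
    """Return (first, last) addresses of a pool of `count` consecutive aliases."""
    if count < 1:
        raise ValueError("pool must contain at least one address")
    first = ipaddress.IPv4Address(start)
    return first, first + (count - 1)


def effective_gateway(default_gateway, interface0, interface1=None):
    """Gateway used for a pool, following the fallback rule in this section."""
    if default_gateway:  # explicit device: the gateway adds a route entry for it
        return ipaddress.IPv4Address(default_gateway)
    # Blank field: Interface 1 when both interfaces are configured (DMZ),
    # otherwise Interface 0 (gateway inside the firewall).
    return ipaddress.IPv4Address(interface1 or interface0)


def check_plan(pools, interface0, interface1=None):
    """pools: dicts with group, start, count, gateway. Returns a list of problems."""
    problems, ranges, total = [], [], 0
    for p in pools:
        first, last = pool_range(p["start"], p["count"])
        gw = effective_gateway(p.get("gateway"), interface0, interface1)
        total += p["count"]
        if first <= gw <= last:  # added sanity check, not a rule from the manual
            problems.append(f"{p['group']}: gateway {gw} lies inside the pool")
        for other, o_first, o_last in ranges:
            if first <= o_last and o_first <= last:  # added sanity check
                problems.append(f"{p['group']}: overlaps pool of {other}")
        ranges.append((p["group"], first, last))
    if total > MAX_ALIASES:
        problems.append(f"{total} aliases requested, limit is {MAX_ALIASES}")
    return problems


# Constructed sample plan (group names and addresses are made up).
PLAN = [
    {"group": "Sales", "start": "10.10.20.10", "count": 1200, "gateway": ""},
    {"group": "Engineering", "start": "10.10.24.1", "count": 900,
     "gateway": "10.10.24.254"},
]

if __name__ == "__main__":
    found = check_plan(PLAN, interface0="192.168.1.5", interface1="10.10.0.1")
    print("\n".join(found or ["plan OK"]))
```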