Application Policies - Watchguard SSL 1000 User Manual

Vpn gateway

Hide thumbs Also See for SSL 1000:

Setup manual (6 pages)

Hardware manual (31 pages)

Quick reference manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table of Contents

•

Deny rules take precedence over allow rules. This enables you to allow access to a range of resources

and to also deny access to selected resources within that range. For example, you might want to allow

a group access to a resource group that includes 10.20.10.0/24, but need to deny that user group

access to 10.20.10.30. To handle this, you create two network resources; one that includes the

10.20.10.0/24 subnet and a group that includes 10.20.10.30. Access to that resource is denied unless

you specifically allow it.

To add a network resource to a group

On the Access Policy Manager tab, in the right-pane, under Network Resources, click the resource

you want to add and then drag it to the user group in the left pane.

To allow or deny access, right-click the network resource and then click Allow or Deny.

To remove a network resource

Click the Access Policy Manager tab.

In the right pane, under Network Resources, right-click the resource group you want to remove.

Click Remove.

Application policies

Application policies put constraints on the network path applications can access. For example, a user is

using Microsoft Outlook 2003 for corporate email. You can configure the application to use a specific

network resource to the Microsoft Exchange Server. When the network resource is defined, when Out-

look tries to start, it checks for the network resource and end point policy (if defined). If it passes, the

user can log on and check email. If it fails, Outlook does not start.

If the application is open before connecting to the Firebox SSL VPN Gateway, the application remains

open; however, the policies take effect and the user cannot use the application.

If an application policy does not have a network resource or end point policy configured, and if the

checkbox Deny applications without policies is selected on the General tab of the group properties,

the application is denied access to the network.

To configure an application policy

Click the Access Policy Manager tab.

In the right pane, right-click Application Policies and then click New Application Policy.

In Application, type the name of the application or click Browse to navigate to the application.

The MD5 field is populated automatically with the binary sum of the application.

To restrict the application to specific networks or require an end point policy, under Application

Constraints do one or both of the following:

• To add a network resource to the application policy, under Network Resources, click the

resource and drag it to Application Network Policies.

• To add an end point policy to the application policy, under End Point Policies, click the policy

and drag it to Application End Point Policies.

Click OK.

When a user disconnects from the Firebox SSL VPN Gateway, any applications that are open can be

closed automatically.

Administration Guide

Configuring Resources for a User Group

101

Table of Contents

Troubleshooting

This manual is also suitable for:

Ssl 500 Firebox ssl series

Application Policies - Watchguard SSL 1000 User Manual

Application policies

Troubleshooting

Related Manuals for Watchguard SSL 1000

Related Content for Watchguard SSL 1000

This manual is also suitable for:

Table of Contents