Watchguard SSL 1000 User Manual page 174

Vpn gateway

Hide thumbs Also See for SSL 1000:

Setup manual (6 pages)

Hardware manual (31 pages)

Quick reference manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table of Contents

Scenario 1: Configuring LDAP Authentication and Authorization

This task includes these five procedures:

• Configuring accessible networks

• Creating an LDAP authentication realm

• Creating the appropriate groups on the Firebox SSL VPN Gateway

• Creating and assigning network resources to the user groups

• Creating an application policy for the email server

Each of these procedures is discussed in detail below.

Configuring Accessible Networks

Configuring accessible networks is the first of five procedures the administrator performs to

configure access to the internal network resources in the configuring LDAP authentication and

authorization scenario.

In this procedure, the administrator specifies the internal networks that contain the network

resources that users must access using the Secure Access Client.

In the previous task, the administrator determined that the remote Sales and Engineering users

must have access to the resources on these specific internal networks:

•

The Web conference server, file servers, and email server residing in the network 10.10.0.0/24

•

The server containing the Sales Web application residing in the network 10.60.10.0/24

The administrator specifies these networks as accessible networks. Specifying the accessible

networks enables the Secure Access Client to support split tunneling.

When a user logs on to the Firebox SSL VPN Gateway, the Firebox SSL VPN Gateway sends this list of

networks to the Secure Access Client on the user's computer. The Secure Access Client uses this list

of networks as a filter to determine which outbound packets should be sent to the Firebox SSL VPN

Gateway and which should be sent elsewhere. The Secure Access Client transmits only the packets

bound for the Firebox SSL VPN Gateway through the secure tunnel to the Firebox SSL VPN Gateway.

If you do not want to support split tunneling, you do not need to configure accessible networks.

To configure accessible networks

Open the Administration Tool.

Click the Global Cluster Policies tab.

If necessary, select Enable split tunneling.

In the Accessible networks box, enter all of the internal networks that the Firebox SSL VPN

Gateway must access. Separate each network entered with a space or a carriage return. In this

example access scenario, the administrator would make these entries:

10.10.0.0/24

10.60.10.0/24

Select the Enable logon page authentication check box. This setting requires users to

authenticate when accessing the portal page of the Firebox SSL VPN Gateway with a Web browser.

To simplify this example, assume the administrator clears all other check boxes that appear on the

Global Cluster Policies tab.

For more information about split tunneling, see "Enabling Split Tunneling" on page 57.

For more information about the Deny Access without ACL setting, see "Denying Access to Groups

without an ACL" on page 58.

164

Note

Firebox SSL VPN Gateway

Table of Contents

Troubleshooting

This manual is also suitable for:

Ssl 500 Firebox ssl series

Watchguard SSL 1000 User Manual page 174

Troubleshooting

Related Manuals for Watchguard SSL 1000

Related Products for Watchguard SSL 1000

This manual is also suitable for:

Table of Contents