Specifying Accessible Networks; Enabling Split Tunneling - Watchguard SSL 1000 User Manual


You can change the default operation so that user groups are denied network access unless they
are allowed access to one or more network resource groups.
• You configure ACLs for user groups by specifying which network resources are allowed or denied
per user group.
By default, all network resource groups are allowed and network access is controlled by the Deny
Access without ACL option on the Global Cluster Policies tab. When you allow or deny one
resource group, all other resource groups are denied automatically and the network access for
the user group is controlled only through its ACL.
If a resource group includes a resource that you do not want a user group to access, you can
create a separate resource group for just that resource and deny the user group access to it.
The options just discussed are summarized in the following table.
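| ACL set for user group? | Deny access without ACL? | User group can access: |
| No | No | All accessible networks |
| Yes | No | Allowed resource groups |
| No | Yes | Nothing |
| Yes | Yes | Allowed resource groups |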

Specifying Accessible Networks

You must specify which networks the Firebox SSL VPN Gateway can access.
When configuring network access, configure the most restrictive policy first and the least restrictive
last. For example, if you want to allow access to everything on the 10.0.x.x network but need to deny
access to the 10.0.20.x network, configure network access to 10.0.20.x first and then configure access
to the 10.0.x.x network.
To give the Firebox SSL VPN Gateway access to a network
1. Click the Global Cluster Policies tab.
2. Under Access Options, in Accessible Networks, type a list of networks. Use a space or carriage
return to separate the list of networks.
3. Click Submit.
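The ordering rule above (most restrictive first) can be checked before a policy list is typed into the gateway. The following Python sketch is an added example, not code from the WatchGuard manual or product; the (action, CIDR) rule format, first-match evaluation and the default-deny fallback are assumptions made for illustration, with 10.0.x.x and 10.0.20.x written as 10.0.0.0/16 and 10.0.20.0/24.

```python
import ipaddress

def parse(rules):
    """Turn (action, cidr) pairs into (action, ip_network) pairs, keeping order."""
    return [(action, ipaddress.ip_network(cidr)) for action, cidr in rules]

def find_shadowed(rules):
    """Return (earlier, later) index pairs where a broader rule listed first
    hides a narrower rule with a different action listed after it."""
    parsed = parse(rules)
    hits = []
    for later, (act_l, net_l) in enumerate(parsed):
        for earlier in range(later):
            act_e, net_e = parsed[earlier]
            same_family = net_l.version == net_e.version
            if same_family and net_l.subnet_of(net_e) and act_l != act_e:
                hits.append((earlier, later))
                break  # one finding per shadowed rule is enough
    return hits

def decide(rules, address, default="deny"):
    """Assumed first-match evaluation: the first rule containing the address wins.
    The default action for unmatched addresses is also an assumption."""
    ip = ipaddress.ip_address(address)
    for action, net in parse(rules):
        if ip in net:  # False when the address families differ
            return action
    return default

# Constructed sample policies built from the manual's example networks.
GOOD = [("deny", "10.0.20.0/24"), ("allow", "10.0.0.0/16")]   # restrictive first
BAD = [("allow", "10.0.0.0/16"), ("deny", "10.0.20.0/24")]    # restrictive last

if __name__ == "__main__":
    for name, policy in (("good", GOOD), ("bad", BAD)):
        print(name, "shadowed:", find_shadowed(policy),
              "10.0.20.5 ->", decide(policy, "10.0.20.5"))
```

In the misordered list the deny for 10.0.20.0/24 is never reached, so a host in that range is allowed by the broader rule.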

Enabling Split Tunneling

You can enable split tunneling on the Global Cluster Policies tab to prevent the Secure Access Client
from sending unnecessary network traffic to the Firebox SSL VPN Gateway.
When split tunneling is not enabled, the Secure Access Client captures all network traffic originating
from a client computer, and sends the traffic through the VPN tunnel to the Firebox SSL VPN Gateway.
If you enable split tunneling, the Secure Access Client sends only traffic destined for networks protected
by the Firebox SSL VPN Gateway through the VPN tunnel. The Secure Access Client does not send
network traffic destined for unprotected networks to the Firebox SSL VPN Gateway.


This manual is also suitable for: SSL 500, Firebox SSL series
