Setting The Priority Of Groups - Watchguard SSL 1000 User Manual

Vpn gateway

Hide thumbs Also See for SSL 1000:

Setup manual (6 pages)

Hardware manual (31 pages)

Quick reference manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table of Contents

Setting the Priority of Groups

In the right pane, right-click End Point Policies and then click New End Point Policy.

Type a name and click OK.

When the policy is created, create the expression by dragging and dropping the end point resources

into the Expression Root.

To build an end point policy expression

Click the Access Policy Manager tab.

In the right pane, right-click an end point policy and click Properties.

The property page opens and the resources pane moves to the left.

Under End Point Scan Expression, select Auto-build.

From End Point Resources, click and drag a resource to ()Expression Root in Expression

Generator.

The expression is built using the AND identifier. To change the identifier, right-click one of the

resources and then select the identifier from the menu.

Click OK.

The end point policy expression is configured automatically. If you want to manually edit the expres-

sion, click to clear Auto-build. The Auto-build check box should remain selected to prevent errors in

the expression.

Setting the Priority of Groups

For users who belong to more than one group, you can determine which group's policies apply to a user

by specifying the priority of groups. For example, suppose that some users belong to both the "sales"

group and the "support" group. If the sales group appears before the support group in the User Groups

list, the sales group policies apply to the users who belong to both of those groups. If the support group

appears before the sales group in the list, the support group policies take precedence.

The policies that are affected by the Group Priority setting are as follows:

•

Portal page configuration, which determines the portal page the user sees when making a

connection. The portal page can be the template provided with the Firebox SSL VPN Gateway or it can

point to the Web Interface.

•

User time-outs that specify the length of time a session can stay active. Time-outs include:

- Session time-outs where the connection is closed after a specified amount of time

- Network activity time-outs where the Secure Access Client does not detect network traffic for

a specified amount of time

- Idle session time-out where the Secure Access Client does not detect mouse or keyboard

activity for a specified amount of time

• Enabling split DNS that allows failover to the user's local DNS

• Forcing the user to log on again if there was a network interruption or when the computer comes

out of hibernate or standby

The Firebox SSL VPN Gateway looks at all of the user groups. If a user is a member of multiple groups, if

the Deny applications without policies check box is selected or if Disable desktop sharing check box

is selected in one group, the user's applications will be denied and desktop sharing will be disabled,

regardless of the settings in the other groups.

106

Firebox SSL VPN Gateway

Table of Contents

Troubleshooting

This manual is also suitable for:

Ssl 500 Firebox ssl series

Setting The Priority Of Groups - Watchguard SSL 1000 User Manual

Setting the Priority of Groups

Troubleshooting

Related Manuals for Watchguard SSL 1000

Related Content for Watchguard SSL 1000

This manual is also suitable for:

Table of Contents