Enable Single Sign-On; Install The Watchguard Single Sign-On (Sso) Agent - Watchguard Firebox X15 User Manual

Enable Single Sign-On

1. To connect to the System Status page, type
of the Firebox X Edge trusted interface.
The default URL is: https://192.168.111.1
2. From the navigation bar, select Firebox Users > Settings.
The Firebox Users Settings page appears.
3. Make sure that the Require user authentication (enable local user accounts) check box is selected.
4. If necessary, select other access options. For more information, see
users.
5. Select the Enable Single Sign-On (SSO) check box.
6. Type the SSO agent IP address in the adjacent text box. This is the IP address of the computer on
which you installed the WatchGuard Authentication Gateway software.
7. In the Agent cache timeout text box, type the number of seconds before the SSO agent must check a
user's login status a second time. We recommend that you keep this value small if you use short
DHCP lease times.
8. Add or remove SSO exceptions for IP addresses that the Firebox will not query for user information,
such as computers with multiple users or servers that are not part of your Active Directory domain. If
you reference these devices in your policies by name, they must authenticate with the Firebox using a
web browser.
You can type a host IP address, a network IP address in slash notation, or a range of IP addresses.
9. Click Submit to save your changes.

Install the WatchGuard Single Sign-On (SSO) agent

To use Single Sign-On (SSO), you must install the WatchGuard SSO agent. The SSO agent is a service that
receives requests for Firebox authentication and checks the user's status with the Active Directory server. The
service runs with the name WatchGuard Authentication Gateway on the computer on which you install the
SSO agent software. The computer on which you install the SSO agent software must have the Microsoft
.NET Framework 2.0 installed.
To use Single Sign-On with your Firebox, you must install the SSO agent on a domain computer with
a static IP address. We recommend that you install the SSO agent on your domain controller.
Download the SSO agent software
1. Use your browser to go to: http://www.watchguard.com/.
2. Log in with your LiveSecurity Service user name and password.
3. Click the Software Downloads link.
4. Select your Firebox type and model number.
5. Download the WatchGuard Authentication Gateway software and save the file to a convenient
location.
Before you install
The SSO agent service must be run as a user. We recommend that you create a new user account for this
purpose. For the SSO agent service to operate correctly, configure the user account with the following
properties:
Add the account to the Domain Admin group.
Make the Domain Admin group the primary group.
Allow the account to log on as a service.
Set the password to never expire.
User Guide
in the browser address bar, and the IP address
https://
Set authentication options for all
User and Group Management
201