Watchguard Technologies Water Heater Ssl Vpn Users Manual VPN_AdminGuide

2015-02-02

• WatchGuard®Firebox®SSL VPN Gateway Administration Guide
  • CHAPTER 1 Getting Started with Firebox SSL VPN Gateway
    • Audience
    • Operating System Requirements
    • Document Conventions
    • LiveSecurity Service Solutions
    • LiveSecurity Service Broadcasts
      • Activating LiveSecurity Service
    • LiveSecurity Service Self Help Tools
    • WatchGuard Users Forum
    • Online Help
    • Product Documentation
    • Technical Support
      • LiveSecurity Service technical support
      • LiveSecurity Gold
      • Firebox Installation Service
      • VPN Installation Service
    • Training and Certification
  • CHAPTER 2 Introduction to Firebox SSL VPN Gateway
    • Overview
    • New Features
      • Authentication and one-time passwords
      • New versions of the Secure Access Client
      • Configurable symmetric encryption ciphers
      • Automatic detection of proxy server settings
      • Secure Access Client connections
      • Automatic port redirection
      • Disable desktop sharing
      • Additional control over Secure Access Client connections
      • Disable kiosk mode
      • Specify multiple ports and port ranges for network resources
      • Voice over IP softphone support
      • Editable HOSTS file
      • NTLM authentication and authorization support.
      • Added challenge-response to RADIUS user authentication
      • SafeWord PremierAccess changed to support standards-based RADIUS token user authentication
      • Updated serial console menu
    • Features
      • Administration Tool
      • Firebox SSL VPN Gateway Settings
      • Feature Summary
    • The User Experience
    • Deployment and Administration
    • Planning your deployment
      • Deploying the Firebox SSL VPN Gateway in the Network DMZ
      • Deploying the Firebox SSL VPN Gateway in a Secure Network
    • Planning for Security with the Firebox SSL VPN Gateway
      • Configuring Secure Certificate Management
      • Authentication Support
      • Deploying Additional Appliances for Load Balancing and Failover
    • Installing the Firebox SSL VPN Gateway for the First Time
      • Getting Ready to Install the Firebox SSL VPN Gateway
      • Setting Up the Firebox SSL VPN Gateway Hardware
      • Configuring TCP/IP Settings for the Firebox SSL VPN Gateway
      • Redirecting Connections on Port 80 to a Secure Port
    • Using the Firebox SSL VPN Gateway
      • The Firebox SSL VPN Gateway operates as follows:
      • Starting the Secure Access Client
      • Enabling Single Sign-On Operation for the Secure Access Client
      • Establishing the Secure Tunnel
      • Tunneling Destination Private Address Traffic over SSL or TLS
      • Operation through Firewalls and Proxies
      • Terminating the Secure Tunnel and Returning Packets to the Client
      • Using Kiosk Mode
      • Connecting to a Server Load Balancer
  • CHAPTER 3 Configuring Basic Settings
    • Firebox SSL VPN Gateway Administration Desktop
      • To open the Administration Portal and Administrative Desktop
    • Using the Administration Portal
      • Downloads Tab
      • Admin Users Tab
      • Logging Tab
      • Maintenance Tab
    • Using the Serial Console
      • To open the serial console
    • Using the Administration Tool
      • To download and install the Administration Tool
    • Publishing Settings to Multiple Firebox SSL VPN Gateways
      • To publish Firebox SSL VPN Gateway settings
    • Product Activation and Licensing
      • Upgrading the tunnel and tunnel upgrade license
      • Upgrading the LiveSecurity Renewal and Tunnel Renewal license
    • Managing Licenses
      • To manage licenses on the Firebox SSL VPN Gateway
      • To install a license file
      • Information about Your Licenses
      • Testing Your License Installation
    • Blocking External Access to the Administration Portal
      • To block external access to the Administration Portal
    • Using Portal Pages
      • Using the Default Portal Page
    • Downloading and Working with Portal Page Templates
      • To download the portal page templates to your local computer
      • To work with the templates for Windows and Linux users
      • Using the ActiveX Control
      • Installing Custom Portal Files on the Firebox SSL VPN Gateway
    • Enabling Portal Page Authentication
      • To enable portal page authentication
    • Linking to Clients from Your Web Site
      • To include links to the Firebox SSL Secure Access Client and kiosk mode on your Web site
      • Multiple Log On Options using the Portal Page
      • Pre-Authentication Policy Portal Page
      • Double-source Authentication Portal Page
    • Connecting Using a Web Address
    • Connecting Using Secure Access Client
    • Saving and Restoring the Configuration
      • To save the Firebox SSL VPN Gateway configuration
      • To restore a saved configuration
    • Upgrading the Firebox SSL VPN Gateway Software
      • To upgrade the Firebox SSL VPN Gateway
    • Restarting the Firebox SSL VPN Gateway
      • To restart the Firebox SSL VPN Gateway
    • Shutting Down the Firebox SSL VPN Gateway
      • To shut down the Firebox SSL VPN Gateway
    • Firebox SSL VPN Gateway System Date and Time
      • To change the system date and time
      • Network Time Protocol
    • Allowing ICMP traffic
      • To enable ICMP traffic
  • CHAPTER 4 Configuring Firebox SSL VPN Gateway Network Connections
    • Configuring Network Information
    • General Networking
    • Name Service Providers
      • To enable split DNS
      • To edit the HOSTS file
    • Dynamic and Static Routing
      • Configuring Network Routing
      • Configuring Dynamic Routing
      • Enabling RIP Authentication for Dynamic Routing
      • Changing from Dynamic Routing to Static Routing
      • Configuring a Static Route
      • Static Route Example
    • Configuring Firebox SSL VPN Gateway Failover
      • To specify Firebox SSL VPN Gateway failover
      • Configuring Internal Failover
    • Controlling Network Access
      • Configuring Network Access
      • Specifying Accessible Networks
    • Enabling Split Tunneling
      • To enable split tunneling
      • Configuring User Groups
    • Denying Access to Groups without an ACL
      • To deny access to user groups without an ACL
    • Improving Voice over IP Connections
      • Enabling Improving Voice over IP Connections
      • To improve latency for UDP traffic
  • CHAPTER 5 Configuring Authentication and Authorization
    • Configuring Authentication and Authorization
      • Configuring Authentication without Authorization
      • The Default Realm
      • Using a Local User List for Authentication
      • Configuring Local Users
      • Adding Users to Multiple Groups
      • Changing Password for Users
      • Using LDAP Authorization with Local Authentication
    • Changing the Authentication Type of the Default Realm
      • Configuring the Default Realm
      • Creating Additional Realms
      • Removing Realms
    • Using SafeWord for Authentication
      • Configuring Secure Computing SafeWord Authentication
      • Configuring SafeWord Settings on the Access Gateway
      • To disable Firebox SSL VPN Gateway authentication
      • SafeWord PremierAccess Authorization
    • Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication
      • To configure the IAS RADIUS realm
    • Using RADIUS Servers for Authentication and Authorization
      • To configure Microsoft Internet Authentication Service for Windows 2000 Server
      • To specify RADIUS server authentication
      • To configure RADIUS authorization
      • Choosing RADIUS Authentication Protocols
    • Using LDAP Servers for Authentication and Authorization
      • LDAP authentication
      • To configure LDAP authentication
    • LDAP Authorization
      • Group memberships from group objects working evaluations
      • Group memberships from group objects non-working evaluations
      • LDAP authorization group attribute fields
      • To configure LDAP authentication
      • To configure LDAP authorization
      • Using certificates for secure LDAP connections
      • Determining Attributes in your LDAP Directory
    • Using RSA SecurID for Authentication
      • To generate a sdconf.rec file for the Firebox SSL VPN Gateway
      • Enable RSA SecurID authentication for the Firebox SSL VPN Gateway
      • Configuring RSA Settings for a Cluster
      • Resetting the node secret
      • Configuring Gemalto Protiva Authentication
      • Configuring NTLM Authentication and Authorization
      • Configuring NTLM Authorization
      • Configuring Authentication to use One-Time Passwords
    • Configuring Double-Source Authentication
      • To create and configure a double-source authentication realm
      • Changing Password Labels
  • CHAPTER 6 Adding and Configuring Local Users and User Groups
    • Adding Local Users
      • To create a user on the Firebox SSL VPN Gateway
      • To delete a user from the Firebox SSL VPN Gateway
    • User Group Overview
    • Creating User Groups
      • To create a local user group
      • To remove a user group
    • Configuring Properties for a User Group
      • Default group properties
      • Forcing Users to Log on Again
      • Configuring Secure Access Client for single sign-on
      • Enabling domain logon scripts
      • Enabling session time-out
      • Configuring Web Session Time-Outs
      • Disabling Desktop Sharing
      • Setting Application Options
      • Enabling Split DNS
      • Enabling IP Pooling
      • Choosing a portal page for a group
      • Client certificate criteria configuration
      • Global policies
    • Configuring Resources for a User Group
      • Adding Users to Multiple Groups
      • Allowing and denying network resources and application policies
      • Defining network resources
      • Allowing and Denying Network Resources and Application Policies
      • Application policies
      • Configuring file share resources
      • Configuring kiosk mode
      • End point resources and policies
      • Configuring an end point policy for a group
    • Setting the Priority of Groups
      • Configuring Pre-Authentication Policies
  • CHAPTER 7 Creating and Installing Secure Certificates
    • Generating a Secure Certificate for the Firebox SSL VPN Gateway
    • Digital Certificates and Firebox SSL VPN Gateway Operation
    • Overview of the Certificate Signing Request
      • Password-Protected Private Keys
      • Creating a Certificate Signing Request
      • Installing a Certificate and Private Key from a Windows Computer
      • Installing Root Certificates on the Firebox SSL VPN Gateway
      • Installing Multiple Root Certificates
      • Creating Root Certificates Using a Command Prompt
      • Resetting the Certificate to the Default Setting
    • Client Certificates
      • To require client certificates
      • Installing Root Certificates
      • Obtaining a Root Certificate from a CertificateAuthority
      • Installing Root Certificates on a Client Device
      • Selecting an Encryption Type for Client Connections
    • Requiring Certificates from Internal Connections
      • To require server certificates for internal client connections
    • Wildcard Certificates
  • CHAPTER 8 Working with Client Connections
    • System Requirements
      • Operating Systems
      • Web Browsers
    • Using the Access Portal
      • To connect using the default portal page
    • Connecting from a Private Computer
      • Tunneling Private Network Traffic over Secure Connections
      • Operation through Firewalls and Proxies
      • Terminating the Secure Tunnel and Returning Packets to the Client
      • ActiveX Helper
      • Using the Secure Access Client Window
      • Configuring Proxy Servers for the Secure Access Client
      • Configuring Secure Access Client to Work with Non-Administrative Users
    • Connecting from a Public Computer
      • Connections Using Kiosk Mode
      • Creating a Kiosk Mode Resource
      • Working with File Share Resources
    • Client Applications
      • To enable client applications
      • Firefox Web Browser
      • Remote Desktop client
      • SSH Client
      • Telnet 3270 Emulator Client
      • VNC Client
      • Gaim Instant Messenging
    • Supporting Secure Access Client
    • Managing Client Connections
      • Connection handling
      • Closing a connection to a resource
      • Disabling and enabling a user
      • Configuring Authentication Requirements after Network Interruption
  • APPENDIX A Firebox SSL VPN Gateway Monitoring and Troubleshooting
    • Viewing and Downloading System Message Logs
      • To view and filter the system log
      • Forwarding System Messages to a Syslog Server
      • To forward Firebox SSL VPN Gateway system messages to a syslog server
      • Viewing the W3C-Formatted Request Log
    • Enabling and Viewing SNMP Logs
      • To enable logging of SNMP messages
      • Multi Router Traffic Grapher Example
    • Viewing System Statistics
    • Monitoring Firebox SSL VPN Gateway Operations
      • To open the Firebox SSL VPN Gateway Administration Desktop
    • Recovering from a Failure of the Firebox SSL VPN Gateway
      • Reinstalling v 4.9 application software
      • Backing up your configuration settings
      • Upgrading to SSL v 5.0
      • Upgrading to SSL v 5.5
      • Launching the v 5.5 Administration Tool
    • Troubleshooting
      • Troubleshooting the Web Interface
      • Other Issues
  • APPENDIX B Using Firewalls with Firebox SSL VPN Gateway
    • BlackICE PC Protection
    • McAfee Personal Firewall Plus
    • Norton Personal Firewall
    • Sygate Personal Firewall (Free and Pro Versions)
    • Tiny Personal Firewall
    • ZoneAlarm Pro
  • APPENDIX C Installing Windows Certificates
    • To install Cygwin
    • Unencrypting the Private Key
      • To unencrypt the private key
    • Converting to a PEM-Formatted Certificate
      • To convert the certificate from PKCS7 to PEM format
    • Combining the Private Key with the Signed Certificate
      • To combine the private key with the signed certificate
    • Generating Trusted Certificates for Multiple Levels
      • To generate trusted certificates for multiple levels
  • APPENDIX D Examples of Configuring Network Access
    • Scenario 1: Configuring LDAP Authentication and Authorization
      • Preparing for the LDAP Authentication and Authorization Configuration
      • Configuring the Firebox SSL VPN Gateway to Support Access to the Internal Network Resources
    • Scenario 2: Creating Guest Accounts Using the Local Users List
      • Creating a Guest User Authentication Realm
      • Creating Local Users
      • Creating and Assigning a Network Resource to the Default User Group
    • Scenario 3: Configuring Local Authorization for Local Users
  • APPENDIX E Legal and Copyright Information
  • Index