Configuring Properties for a User Group

2. On the General tab, under Application Options, select Deny applications without policies.

For more information about application policies, see “Application policies” on page 101.

For more information about endpoint policies, see “End point resources and policies” on page 104.

Enabling Split DNS

By default, the Firebox SSL VPN Gateway checks a user’s remote DNS only. You can allow failover to a user’s local DNS by enabling split DNS. A user can override this setting using the Connection Properties dialog box from the Secure Access logon screen.

To allow failover to a user’s local DNS

1. Click the Access Policy Manager tab.

2. In the left pane, right-click a group and click Properties.

3. On the Networking tab, click Enable split-DNS.

The Firebox SSL VPN Gateway fails over to the local DNS only if the specified DNS servers cannot be contacted. It does not fail over when those servers return a negative response.

4. Click OK.
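The failover rule above can be modelled to see which lookups would reach a user's local resolver once split DNS is enabled. This is an added example, not WatchGuard code; it assumes the specified servers are tried in order and that failover happens only when none of them replies, and the host names are constructed.

```python
from enum import Enum

class Outcome(Enum):
    ANSWER = "answer"            # server replied with a record
    NEGATIVE = "negative"        # server replied that the name does not exist
    UNREACHABLE = "unreachable"  # no reply at all (timeout, no route)

def resolve(remote_outcomes, split_dns_enabled):
    """Return (resolver_used, result) for one lookup.

    remote_outcomes: outcome from each gateway-specified DNS server, in order.
    Assumption: failover needs every specified server to be unreachable.
    """
    for outcome in remote_outcomes:
        if outcome is not Outcome.UNREACHABLE:
            # Any reply, positive or negative, is final: no failover.
            return ("remote", outcome)
    if split_dns_enabled:
        return ("local", None)   # query is handed to the user's local DNS
    return ("none", Outcome.UNREACHABLE)

def names_sent_to_local(lookups, split_dns_enabled):
    """List the names from a lookup log that would reach the local resolver."""
    return [name for name, outcomes in lookups
            if resolve(outcomes, split_dns_enabled)[0] == "local"]

# Constructed sample lookups: (name, outcome per specified DNS server).
SAMPLE_LOOKUPS = [
    ("intranet.example.test", [Outcome.ANSWER]),
    ("typo.example.test", [Outcome.NEGATIVE]),
    ("files.example.test", [Outcome.UNREACHABLE, Outcome.UNREACHABLE]),
    ("wiki.example.test", [Outcome.UNREACHABLE, Outcome.NEGATIVE]),
]

if __name__ == "__main__":
    for enabled in (False, True):
        print("split DNS", "on " if enabled else "off",
              "-> local DNS sees:", names_sent_to_local(SAMPLE_LOOKUPS, enabled))
```

With split DNS on, only the lookup for which no specified server replied goes to the local DNS; a negative response from the remote DNS stays final.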

Enabling IP Pooling

In some situations, users connecting using Secure Access Client need a unique IP address for the Firebox SSL VPN Gateway. For example, in a Samba environment, each user connecting to a mapped network drive needs to appear to originate from a different IP address. When you enable IP pooling for a group, the Firebox SSL VPN Gateway can assign a unique IP address alias to each client’s session.

You can specify the gateway device to be used for IP pooling. The gateway device can be the Firebox SSL VPN Gateway itself or some other device. If you do not specify a gateway, a Firebox SSL VPN Gateway interface is used, based on the General Networking settings, as follows:

If you configured only Interface 0 (the Firebox SSL VPN Gateway is inside your firewall), the Interface 0 IP address is used as the gateway.

If you configured Interfaces 0 and 1 (the Firebox SSL VPN Gateway is in the DMZ), the Interface 1 IP address is used as the gateway. (Interface 1 is considered the internal interface in this scenario.)

To configure IP pooling for a group

1. Click the Access Policy Manager tab.

2. In the left pane, right-click a user group and click Properties.

3. On the Networking tab, click Enable IP pools.

4. Under IP Pool Configuration, right-click a gateway and then click Modify Gateway Pool.

5. In Starting IP Address, type the starting IP address for the pool.

6. In Number of IP Addresses, type the number of IP address aliases. You can have as many as 2000 IP addresses total in all IP pools.

7. In Default Gateway, type the gateway IP address.

If you leave this field blank, a Firebox SSL VPN Gateway network adapter is used, as described earlier in this section. If you specify some other device as the gateway, the Firebox SSL VPN Gateway adds an entry for that route in the Firebox SSL VPN Gateway routing table.

8. Click OK.
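Before typing pool values into the dialog, a planned set of pools can be checked against the rules in this section: the 2000-address total and the default gateway chosen when the field is left blank. This is an added example, not WatchGuard code; the dictionary layout, group names and addresses are constructed, and the overlap and gateway-inside-pool checks are extra sanity checks assumed here, not rules stated in the manual.

```python
import ipaddress

MAX_POOL_ADDRESSES = 2000  # limit from the manual, across all IP pools

def pool_range(start, count):
    """Return the pool as (first, last) integers; rejects bad input."""
    if count < 1:
        raise ValueError("Number of IP Addresses must be at least 1")
    first = int(ipaddress.IPv4Address(start))
    return first, first + count - 1

def effective_gateway(default_gateway, interface0, interface1=None):
    """Gateway used for a pool, following the manual's blank-field rule:
    Interface 1 if both interfaces are configured, otherwise Interface 0."""
    if default_gateway:
        return ipaddress.IPv4Address(default_gateway)
    return ipaddress.IPv4Address(interface1 or interface0)

def validate_pools(pools, interface0, interface1=None):
    """Return a list of problems found in the planned pools (empty if none)."""
    problems = []
    total = sum(p["count"] for p in pools)
    if total > MAX_POOL_ADDRESSES:
        problems.append(f"{total} addresses exceed the {MAX_POOL_ADDRESSES} total")
    seen = []
    for p in pools:
        lo, hi = pool_range(p["start"], p["count"])
        gw = effective_gateway(p.get("gateway"), interface0, interface1)
        if lo <= int(gw) <= hi:   # assumed check, not from the manual
            problems.append(f"{p['group']}: gateway {gw} lies inside the pool")
        for group, other_lo, other_hi in seen:   # assumed check
            if lo <= other_hi and other_lo <= hi:
                problems.append(f"{p['group']}: overlaps the pool of {group}")
        seen.append((p["group"], lo, hi))
    return problems

# Constructed plan: two groups, gateway in the DMZ layout (Interfaces 0 and 1).
PLAN = [
    {"group": "sales", "start": "10.10.1.10", "count": 1200, "gateway": ""},
    {"group": "eng", "start": "10.10.5.0", "count": 900, "gateway": "10.10.5.1"},
]

if __name__ == "__main__":
    for problem in validate_pools(PLAN, "192.168.1.2", "10.10.0.1"):
        print(problem)
```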


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.