WatchGuard Technologies SSL VPN manual Enabling Split DNS, Enabling IP Pooling

Models: SSL VPN


Configuring Properties for a User Group

2. On the General tab, under Application Options, select Deny applications without policies.

For more information about application policies, see “Application policies” on page 101.

For more information about endpoint policies, see “End point resources and policies” on page 104.

Enabling Split DNS

By default, the Firebox SSL VPN Gateway checks a user’s remote DNS only. You can allow failover to a user’s local DNS by enabling split DNS. A user can override this setting using the Connection Properties dialog box from the Secure Access logon screen.

To allow failover to a user’s local DNS

1. Click the Access Policy Manager tab.

2. In the left pane, right-click a group and click Properties.

3. On the Networking tab, click Enable split-DNS.

The Firebox SSL VPN Gateway fails over to the local DNS only if the specified DNS servers cannot be contacted; it does not fail over if there is a negative response.

4. Click OK.

Enabling IP Pooling

In some situations, users connecting using Secure Access Client need a unique IP address for the Firebox SSL VPN Gateway. For example, in a Samba environment, each user connecting to a mapped network drive needs to appear to originate from a different IP address. When you enable IP pooling for a group, the Firebox SSL VPN Gateway can assign a unique IP address alias to each client’s session.

You can specify the gateway device to be used for IP pooling. The gateway device can be the Firebox SSL VPN Gateway itself or some other device. If you do not specify a gateway, a Firebox SSL VPN Gateway interface is used, based on the General Networking settings, as follows:

If you configured only Interface 0 (the Firebox SSL VPN Gateway is inside your firewall), the Interface 0 IP address is used as the gateway.

If you configured Interfaces 0 and 1 (the Firebox SSL VPN Gateway is in the DMZ), the Interface 1 IP address is used as the gateway. (Interface 1 is considered the internal interface in this scenario.)

To configure IP pooling for a group

1. Click the Access Policy Manager tab.

2. In the left pane, right-click a user group and click Properties.

3. On the Networking tab, click Enable IP pools.

4. Under IP Pool Configuration, right-click a gateway and then click Modify Gateway Pool.

5. In Starting IP Address, type the starting IP address for the pool.

6. In Number of IP Addresses, type the number of IP address aliases. You can have as many as 2000 IP addresses total in all IP pools.

7. In Default Gateway, type the gateway IP address.

If you leave this field blank, a Firebox SSL VPN Gateway network adapter is used, as described earlier in this section. If you specify some other device as the gateway, the Firebox SSL VPN Gateway adds an entry for that route in the Firebox SSL VPN Gateway routing table.

8. Click OK.
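A planning check for the values typed in steps 5 to 7, as an added example that is not part of the WatchGuard manual or product: it computes each pool's address range, enforces the 2000-address total, flags overlapping pools, and resolves the default gateway by the interface rule described above. The group names, addresses and function names are constructed; consecutive addressing from the starting IP and the no-overlap requirement are assumptions.

```python
import ipaddress

MAX_TOTAL = 2000  # manual: at most 2000 addresses across all IP pools

def pool_range(start, count):
    """First and last alias of a pool (assumes aliases run consecutively from start)."""
    if count < 1:
        raise ValueError("pool needs at least one address")
    first = ipaddress.IPv4Address(start)
    return first, first + (count - 1)

def effective_gateway(interfaces, typed=""):
    """Gateway per the manual: the typed value, else Interface 1 if configured, else Interface 0."""
    if typed:
        return ipaddress.IPv4Address(typed)
    return ipaddress.IPv4Address(interfaces.get(1) or interfaces[0])

def check_pools(pools):
    """Return a list of problems in a plan of (group, start, count) tuples."""
    problems = []
    total = sum(count for _, _, count in pools)
    if total > MAX_TOTAL:
        problems.append(f"total of {total} addresses exceeds {MAX_TOTAL}")
    # Sort by first address and track the highest address seen so far, so a pool
    # nested inside an earlier, larger pool is still caught.
    ranges = sorted(pool_range(s, c) + (g,) for g, s, c in pools)
    prev_last, prev_group = None, None
    for first, last, group in ranges:
        if prev_last is not None and first <= prev_last:
            # Assumption: overlapping pools could give two sessions the same alias.
            problems.append(f"{prev_group} and {group} overlap at {first}")
        if prev_last is None or last > prev_last:
            prev_last, prev_group = last, group
    return problems

# Constructed plan: Sales and Engineering overlap, and the total is 2050.
PLAN = [
    ("Sales", "10.10.20.10", 50),
    ("Engineering", "10.10.20.40", 100),
    ("Contractors", "10.10.30.1", 1900),
]

if __name__ == "__main__":
    for group, start, count in PLAN:
        first, last = pool_range(start, count)
        print(f"{group}: {first} - {last}")
    print("gateway:", effective_gateway({0: "203.0.113.5", 1: "192.168.1.5"}))
    for problem in check_pools(PLAN):
        print("problem:", problem)
```

Because each session's alias is what internal servers see as the source address, keeping the planned ranges on record lets you map a logged address back to the group it was issued to.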
