Setting the Priority of Groups

The following two settings are unioned together. For these settings, they are combined among all of the groups of which the user is a member. When these are combined, these are the enforced set of rules applied to the user. For example, if a user is a member of the sales and support groups, if the sales group has notepad.exe and calc.exe defined as an end point policy, and if the support groups have just Inter- net Explorer defined, all of the policies are enforced for the user.

Kiosk mode configuration, which includes persistent mode, the applications the user can use, and the default Web address with which the user connects

End point policies that specify registry settings, processes, or files that must be on the client computer

If users are members of multiple groups, and IP pooling is enabled in one of those groups, the Firebox SSL VPN Gateway allocates an IP address from the pool for the first group that has IP pooling enabled. Groups are initially listed in the order in which they are created.

To set the priority of groups

1Click the Group Priority tab.

2Select a group that you want to move and use the arrow keys to raise or lower the group in the list.

The group at the top of the list has the highest priority.

To view the group priorities for a user

In the Firebox SSL VPN Gateway Administration Desktop, click the Real-time Monitor icon. The display lists all groups to which the user belongs and the group with the highest priority.

Configuring Pre-Authentication Policies

Users can be restricted from logging on to the Firebox SSL VPN Gateway using pre-authentication poli- cies. When users use a Web browser to connect to the Firebox SSL VPN Gateway, before they receive the logon dialog box, the pre-authentication policy scans the client computer. If the scan fails, users are pre- vented from logging on. To log on to the Web portal, the client needs to install the correct applications.

To create pre-authentication policies

1Click the Access Policy Manager tab.

2Under End Point Policies, click the configured policy and drag it to Pre-Authentication Policies in

the left pane (located under the Global Policies policy node).

To create and configure end point resources and policies, see “Configuring End Point Policies and Resources”.

Administration Guide

107

Page 117
Image 117
WatchGuard Technologies SSL VPN manual Configuring Pre-Authentication Policies, To set the priority of groups

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.