Manuals / WatchGuard Technologies / Household Appliance / Water Heater

WatchGuard Technologies SSL VPN manual Configuring Pre-AuthenticationPolicies

Models: SSL VPN

1 198
Download 198 pages 26.5 Kb
Page 117
Image 117
To set the priority of groups

Setting the Priority of Groups

The following two settings are unioned together. For these settings, they are combined among all of the groups of which the user is a member. When these are combined, these are the enforced set of rules applied to the user. For example, if a user is a member of the sales and support groups, if the sales group has notepad.exe and calc.exe defined as an end point policy, and if the support groups have just Inter- net Explorer defined, all of the policies are enforced for the user.

Kiosk mode configuration, which includes persistent mode, the applications the user can use, and the default Web address with which the user connects

End point policies that specify registry settings, processes, or files that must be on the client computer

If users are members of multiple groups, and IP pooling is enabled in one of those groups, the Firebox SSL VPN Gateway allocates an IP address from the pool for the first group that has IP pooling enabled. Groups are initially listed in the order in which they are created.

To set the priority of groups

1Click the Group Priority tab.

2Select a group that you want to move and use the arrow keys to raise or lower the group in the list.

The group at the top of the list has the highest priority.

To view the group priorities for a user

In the Firebox SSL VPN Gateway Administration Desktop, click the Real-time Monitor icon. The display lists all groups to which the user belongs and the group with the highest priority.

Configuring Pre-Authentication Policies

Users can be restricted from logging on to the Firebox SSL VPN Gateway using pre-authentication poli- cies. When users use a Web browser to connect to the Firebox SSL VPN Gateway, before they receive the logon dialog box, the pre-authentication policy scans the client computer. If the scan fails, users are pre- vented from logging on. To log on to the Web portal, the client needs to install the correct applications.

To create pre-authentication policies

1Click the Access Policy Manager tab.

2Under End Point Policies, click the configured policy and drag it to Pre-Authentication Policies in

the left pane (located under the Global Policies policy node).

To create and configure end point resources and policies, see “Configuring End Point Policies and Resources”.

Administration Guide

107

Page 116 Page 118
Page 117
Image 117
WatchGuard Technologies SSL VPN manual Configuring Pre-AuthenticationPolicies, To set the priority of groups
Page 116 Page 118