Overview of the Certificate Signing Request

The root certificate that is installed on the Firebox SSL VPN Gateway has to be in PEM format. On Windows, the file extension .cer is sometimes used to indicate that the root certificate is in PEM format.

If you are validating certificates on internal connections, the Firebox SSL VPN Gateway must have a root certificate installed.

To install a root certificate on the Firebox SSL VPN Gateway

1. On the Firebox SSL VPN Gateway Cluster tab, open the window for an appliance.

2. On the Administration tab, next to Manage trusted root certificates, click Manage.

3. On the Manage tab, click Upload Trusted Root Certificate.

4. Navigate to the file and then click Open.

To remove the root certificate, click Remove Trusted Root Certificate.

Installing Multiple Root Certificates

Multiple root certificates can be installed on the Firebox SSL VPN Gateway, but they must all be in one file. For example, you can create a text file in a plain text editor (such as Notepad) that contains all of the root certificates. Open each root certificate in another plain text editor window and then copy and paste the contents of each certificate below the last line in the new text window. When all of the certificates are copied to the new file, save the text file in PEM format, and then upload the file to the Firebox SSL VPN Gateway.

Creating Root Certificates Using a Command Prompt

You can also create PEM-formatted root certificates using a DOS command prompt. For example, if you have three PEM root certificates, you can use the following command to create one file that contains all three certificates:

type root1.pem root2.pem root3.pem > current-roots.pem

If you want to add additional root certificates to an existing file, use the following command:

type root4.pem root5.pem >> current-roots.pem

When this command is executed, all five root certificates are in the file current-roots.pem. The double greater-than symbol (>>) appends the contents of root4.pem and root5.pem to the existing contents of current-roots.pem.
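The following is an added example, not part of the WatchGuard guide: a Python check to run on the combined file before uploading it. Plain concatenation with type fuses an END marker and the next BEGIN marker onto one line when a source file has no trailing newline, and a pasted key or duplicate certificate goes unnoticed; this script rebuilds a clean bundle and rejects anything that is not a certificate. The names build_bundle, to_pem, SAMPLE_A and SAMPLE_B are assumptions made for the example, and the sample blocks are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def to_pem(der):
    """Encode DER bytes as one PEM certificate block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def build_bundle(pem_texts):
    """Merge PEM inputs into one bundle; return (bundle_text, sha256_list)."""
    fingerprints, blocks = [], []
    for text in pem_texts:
        found = PEM_BLOCK.findall(text)
        if not found:
            raise ValueError("input contains no PEM block")
        for label, body in found:
            # A trust bundle must never carry keys, CSRs or other material.
            if label != "CERTIFICATE":
                raise ValueError("refusing non-certificate block: " + label)
            der = base64.b64decode("".join(body.split()), validate=True)
            # Cheap sanity check only: DER certificates start with SEQUENCE.
            if not der.startswith(b"\x30"):
                raise ValueError("block is not a DER SEQUENCE")
            fp = hashlib.sha256(der).hexdigest()
            if fp not in fingerprints:      # drop exact duplicates
                fingerprints.append(fp)
                blocks.append(to_pem(der))  # re-emit with clean line breaks
    return "".join(blocks), fingerprints

# Constructed placeholders (tiny DER SEQUENCEs), not real certificates.
SAMPLE_A = to_pem(b"\x30\x03\x02\x01\x01")
SAMPLE_B = to_pem(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    # Simulates `type` output when root1.pem lacks a trailing newline.
    merged = SAMPLE_A.rstrip("\n") + SAMPLE_B
    bundle, fps = build_bundle([merged, SAMPLE_A])
    print(bundle, end="")
    print(len(fps), "unique certificates")
```

The SHA-256 values returned are fingerprints of the DER bytes, so they can be compared against the fingerprints published by each issuing authority before the bundle is uploaded.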

Resetting the Certificate to the Default Setting

The Firebox SSL VPN Gateway comes with a certificate that is not digitally signed by a Certificate Authority. If you need to reimage the appliance, you can reset the certificate to the default certificate that came with the Firebox SSL VPN Gateway. You can do this by using the serial console and selecting the option to reset the certificate.

To reset the default certificate

1. Connect the serial cable to the 9-pin serial port on the Firebox SSL VPN Gateway and connect the cable to a computer that is capable of running terminal emulation software.

2. On the computer, start a terminal emulation application such as HyperTerminal.

Administration Guide


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.