Connecting from a Private Computer

The Firebox SSL VPN Gateway terminates the SSL tunnel, accepts any incoming traffic destined for the private network, and forwards the traffic to the private network. The Firebox SSL VPN Gateway sends traffic back to the remote computer over a secure tunnel.

When a remote user logs on using the Secure Access Client, the Firebox SSL VPN Gateway challenges the user for credentials with an HTTP 401 response using Basic or Digest authentication. The Firebox SSL VPN Gateway checks the credentials against the configured authentication type, such as local authentication, RSA SecurID, SafeWord, LDAP, NTLM, or RADIUS. If the credentials are correct, the Firebox SSL VPN Gateway completes the handshake with the client. Because Basic authentication only base64-encodes the password, the credentials are protected solely by the SSL connection to the gateway. This logon step is required only when a user initially downloads the Secure Access Client. If the user is behind a proxy server, the user can specify the proxy server and the proxy authentication credentials. For more information, see “Configuring Proxy Servers for the Secure Access Client” on page 125.
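The 401 logon step above, shown from both sides as an added example (this is not the Firebox SSL VPN Gateway's or Secure Access Client's own code). It assumes a local credential store held in a dict standing in for the configured authentication type, a gateway that remembers the nonce it issued for the current challenge, and uses the sample values from RFC 2617 as the constructed exchange; the Basic path is included to make visible why it is safe only inside the SSL tunnel.

```python
"""The HTTP 401 logon step (Basic or Digest) from both sides.

Added example, not the gateway's or client's own implementation. Assumes a
local credential store (a dict) in place of the configured authentication
type, and a gateway that tracks the nonce it issued.
"""
import base64
import hashlib
import hmac
import re
import secrets

_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_auth_header(header):
    """Split 'Scheme k=v, k="v"' (challenge or response) into (scheme, params)."""
    scheme, _, rest = header.strip().partition(" ")
    params = {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
              for m in _PARAM.finditer(rest)}
    return scheme.lower(), params


def basic_authorization(user, password):
    """Basic only base64-encodes the password: it stays confidential solely
    because the exchange runs inside the SSL tunnel on port 443."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_authorization(user, password, challenge, method, uri,
                         nc="00000001", cnonce=None):
    """Client side: answer a parsed Digest challenge. Only qop=auth is implemented."""
    if "auth" not in challenge.get("qop", "auth").split(","):
        raise ValueError("gateway offered no qop=auth; not handled in this example")
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(user, password, challenge["realm"], method, uri,
                           challenge["nonce"], nc, cnonce)
    fields = [f'username="{user}"', f'realm="{challenge["realm"]}"',
              f'nonce="{challenge["nonce"]}"', f'uri="{uri}"', "qop=auth",
              f"nc={nc}", f'cnonce="{cnonce}"', f'response="{resp}"']
    if "opaque" in challenge:
        fields.append(f'opaque="{challenge["opaque"]}"')
    return "Digest " + ", ".join(fields)


def verify_authorization(header, method, credential_store, issued_nonce):
    """Gateway side: return the authenticated user name, or None (default deny)."""
    scheme, params = parse_auth_header(header)
    if scheme == "basic":
        try:
            user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
        except (ValueError, UnicodeDecodeError, IndexError):
            return None
        if user not in credential_store:
            return None
        ok = hmac.compare_digest(credential_store[user].encode(), password.encode())
        return user if ok else None
    if scheme == "digest":
        try:
            user = params["username"]
            if user not in credential_store or params["nonce"] != issued_nonce:
                return None  # unknown user, or a nonce this gateway never issued
            expected = digest_response(user, credential_store[user], params["realm"], method,
                                       params["uri"], params["nonce"], params["nc"],
                                       params["cnonce"], params.get("qop", "auth"))
        except KeyError:
            return None  # malformed header
        return user if hmac.compare_digest(expected.encode(),
                                           params.get("response", "").encode()) else None
    return None  # unsupported scheme


# Constructed exchange using the RFC 2617 sample values (not from a real gateway).
CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
             'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
STORE = {"Mufasa": "Circle Of Life"}   # assumed local credential store


def run_exchange(user, password, cnonce="0a4f113b"):
    """Client answers CHALLENGE for GET /dir/index.html; gateway verifies it."""
    _, chal = parse_auth_header(CHALLENGE)
    authz = digest_authorization(user, password, chal, "GET", "/dir/index.html", cnonce=cnonce)
    return authz, verify_authorization(authz, "GET", STORE, chal["nonce"])


if __name__ == "__main__":
    header, who = run_exchange("Mufasa", "Circle Of Life")
    print(header)
    print("authenticated as:", who)
```

The verifier rejects any nonce it did not issue, which is what makes a captured Digest header useless for replay; a real gateway would additionally expire nonces and track the nc counter. Both schemes rest on MD5 or plaintext, so neither adds secrecy beyond what the SSL tunnel already provides.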

The Secure Access Client is installed on the user’s computer. After the first connection, the remote user can subsequently use a desktop shortcut to start the Secure Access Client.

The Advanced Options dialog box, which is used to configure client computer settings, can also be opened by right-clicking the Secure Access Client icon on the desktop and then clicking Properties. If users are connecting using a Web page, they are either prompted to log on or are taken directly to a portal page where they can connect using Secure Access Client.

If the Firebox SSL VPN Gateway is configured to have users log on before making a connection with Secure Access Client, they type their user name and password and then log on. A portal page appears that provides the choice to log on using the full Secure Access Client or in kiosk mode (if enabled). If a user chooses to log on using Secure Access Client, the connection provides full access to the network resources that the user’s group(s) have permission to access.

The access granted by the security policies enables users to work with the remote network just as if they were logged on locally. For example, users can be granted access to applications, including Web, client-server, and peer-to-peer applications such as instant messaging, video conferencing, and real-time Voice over IP. Users can also map network drives to reach allowed network resources, including shared folders and printers.

While connected to a Firebox SSL VPN Gateway, remote users cannot see network information from the site to which they are connected. For example, while connected to the Firebox SSL VPN Gateway, type either of the following at a command prompt:

ipconfig /all
route print

The output does not show network information from the corporate network.

Establishing the Secure Tunnel

After the Secure Access Client is started, it establishes a secure tunnel over port 443 (or any configured port on the Firebox SSL VPN Gateway) and sends authentication information. When the tunnel is established, the Firebox SSL VPN Gateway sends configuration information to the Secure Access Client describing the networks to be secured and containing an IP address if you enabled IP pooling. For more information about IP pooling see “Enabling IP Pooling” on page 94.

Tunneling Private Network Traffic over Secure Connections

When the Secure Access Client is started and the user is authenticated, all network traffic destined for specified private networks is captured and redirected over the secure tunnel to the Firebox SSL VPN Gateway.

The Secure Access Client intercepts all network connections made by the client device and multiplexes/tunnels them over SSL to the Firebox SSL VPN Gateway, where the traffic is demultiplexed and the connections are forwarded to the correct host and port combination.

The connections are subject to administrative security policies that apply to a single application, a subset of applications, or an entire intranet. You specify the resources (ranges of IP address/subnet pairs)
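The two decisions described in this section, the client's split-tunnel capture of traffic for the secured networks (with the pooled address when IP pooling is enabled) and the gateway's per-group resource policy on the demultiplexed connection, modelled as an added example. This is not the Secure Access Client's or the Firebox SSL VPN Gateway's own code; the layout of the pushed configuration, the policy table, the group names and the addresses are constructed for the example.

```python
"""Split-tunnel capture on the client and resource policy on the gateway.

Added model, not the Secure Access Client's or Firebox SSL VPN Gateway's
own code. The shape of the pushed configuration, the policy table and the
group names are assumptions made for the example.
"""
import ipaddress


def parse_pushed_config(pushed):
    """Convert the configuration the gateway sends after tunnel setup into
    network objects. 'secured' is a list of IP address/subnet-mask pairs;
    'pool_ip' is present only if IP pooling is enabled."""
    nets = [ipaddress.ip_network(f"{ip}/{mask}", strict=False) for ip, mask in pushed["secured"]]
    pool_ip = ipaddress.ip_address(pushed["pool_ip"]) if pushed.get("pool_ip") else None
    return nets, pool_ip


def should_tunnel(dst_ip, secured_nets):
    """Client side: capture only traffic for a secured network; anything
    else leaves the host directly (split tunnel)."""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in net for net in secured_nets)


class Resource:
    """One policy entry: an address range and the destination ports it
    permits. ports=None covers every port (an entire-intranet rule)."""

    def __init__(self, network, ports=None):
        self.network = ipaddress.ip_network(network, strict=False)
        self.ports = ports

    def matches(self, ip, port):
        return ip in self.network and (self.ports is None or port in self.ports)


def gateway_allows(user_groups, dst_ip, dst_port, policies):
    """Gateway side: after demultiplexing a tunneled connection, forward it
    only if some group of the user has a resource covering host and port.
    Anything not listed is denied."""
    ip = ipaddress.ip_address(dst_ip)
    return any(res.matches(ip, dst_port)
               for group in user_groups
               for res in policies.get(group, []))


def route_connection(user_groups, dst_ip, dst_port, secured_nets, pool_ip, local_ip, policies):
    """Decision for one connection attempt: (path, source address seen by
    the destination). Tunneled traffic carries the pooled address when
    IP pooling is enabled, otherwise the client's own address."""
    if not should_tunnel(dst_ip, secured_nets):
        return "direct", local_ip
    src = str(pool_ip) if pool_ip else local_ip
    if gateway_allows(user_groups, dst_ip, dst_port, policies):
        return "forward", src
    return "deny", src


# Constructed sample configuration (assumption, not a real deployment).
PUSHED_CONFIG = {
    "secured": [("10.0.0.0", "255.0.0.0"), ("192.168.50.0", "255.255.255.0")],
    "pool_ip": "10.200.0.17",
}
POLICIES = {
    "everyone": [Resource("10.10.10.10/32", {80, 443})],      # intranet web server
    "engineering": [Resource("10.20.0.0/16", {22, 3389}),    # dev subnet, SSH and RDP
                    Resource("192.168.50.0/24")],            # whole lab intranet
}
SECURED_NETS, POOL_IP = parse_pushed_config(PUSHED_CONFIG)
LOCAL_IP = "172.16.5.5"   # address of the remote computer on its home LAN


def decide(user_groups, dst_ip, dst_port):
    return route_connection(user_groups, dst_ip, dst_port,
                            SECURED_NETS, POOL_IP, LOCAL_IP, POLICIES)


if __name__ == "__main__":
    for groups, ip, port in [(["everyone"], "10.10.10.10", 443),
                             (["everyone"], "10.20.1.5", 22),
                             (["everyone", "engineering"], "10.20.1.5", 22),
                             (["engineering"], "192.168.50.9", 5060),
                             (["engineering"], "93.184.216.34", 443)]:
        print(groups, f"{ip}:{port}", "->", decide(groups, ip, port))
```

The point to check in a real deployment is the gap between the two lists: an address that is in the secured networks but matched by no resource is captured, carried to the gateway and then dropped there, while an address outside the secured networks never enters the tunnel at all and is not subject to the gateway's policy.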


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It encrypts data in transit between the remote computer and the gateway, which terminates the tunnel and forwards traffic onto the private network, so that only authenticated users can reach sensitive resources. By using SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against eavesdropping and man-in-the-middle attacks provided the client validates the gateway’s server certificate.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password, for example a one-time-password token such as RSA SecurID or SafeWord, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.