WatchGuard Technologies SSL VPN manual ActiveX Helper, Using the Secure Access Client Window

Connecting from a Private Computer

sends its known local IP address to the server by means of a custom client-server protocol. For these applications, the Secure Access Client provides the local client application a private IP address represen- tation, which the Firebox SSL VPN Gateway uses on the internal network. Many real-time voice applica- tions and FTP use this feature.

Clients can access resources on the corporate network by connecting through the Firebox SSL VPN Gateway from their own computer or from a public computer.

ActiveX Helper

When the user connects to the Web Interface portion of the Firebox SSL VPN Gateway and logs on, net6helper.cab and ActiveX control are installed. This file provides three main functions:

•It launches the client from the Web page instead of having to manually download the executable and then launching the Secure Access Client.

•It performs pre-authentication checks for the Web page.

•It provides single sign-on. When the Secure Access Client is started from the Web page, the Secure Access Client does not prompt the user to log on again.

Using the Secure Access Client Window

To enable users to connect to and use the Firebox SSL VPN Gateway, you need to provide them with the following information:

• Firebox SSL VPN Gateway Web address, such as https://AccessGatewayFQDN/.

If a user needs access from a computer that is not running Windows 2000 or above or Linux, but is running a Java Virtual Machine (JVM) 1.5 or higher, the user can use the Java applet version of the kiosk. The Web address for connecting to the Java applet version of the kiosk is: https://AccessGateway/vpn_portal-javaonly.html

•The authentication realm name required for logon (if you use realms other than the realm named Default).

•Path to any network drives that the users can access, which is done by mapping a network drive on their computer.

•Any system requirements for running the Secure Access Client if you configured end point resources and policies.

Depending on the configuration of a remote user’s system, you might also need to provide additional information:

•To start the Secure Access Client, Windows 2000 users must be a local administrator or a member of the Administrators group to install programs on their computer. This restriction applies to Windows XP for first-time installation only, not for upgrades.

•If a user runs a firewall on the remote computer, the user might need to change the firewall settings so that it does not block traffic to or from the IP addresses corresponding to the resources for which you granted access. The Secure Access Client automatically handles Internet Connection Firewall in Windows XP and Windows Firewall in Windows XP Service Pack 2. For information about configuring a variety of popular firewalls, see “Using Firewalls with Firebox SSL VPN Gateway” on page 149.

•Users who want to send traffic to FTP over the Firebox SSL VPN Gateway connection must set their FTP application to perform passive transfers. A passive transfer means that the remote computer establishes the data connection to your FTP server, rather than your FTP server establishing the data connection to the remote computer.

•Users who want to run X client applications across the connection must run an X server, such as XManager, on their computers.

•Because users work with files and applications just as if they were local to the organization’s network, no retraining of users or configuration of applications is needed.