WatchGuard Technologies SSL VPN manual Managing Client Connections, Connection handling

Models: SSL VPN

Managing Client Connections

An email template is provided that includes the information discussed in this section. The template is available from the Downloads page of the Administration Portal. Customize the text for your site and then send the text in an email to users.

Note

To install the Secure Access Client from inside the firewall, go to the portal page and use the “Click here to download the client installer” link to download the client. The first time that the client is run from inside the firewall, point the client to the internal IP address of the Firebox SSL VPN Gateway by right-clicking the Secure Access Client logon and then choosing Advanced Options.

Managing Client Connections

The Real-time Monitor lists the open VPN connections by user name and MAC address. For each user, the type of connection by protocol (such as TCP or UDP) is also listed. The Target IP and Target Port provide additional information about the connection. For example, connections to port 21 are FTP connections and connections to port 23 are Telnet connections.

The connections can be managed as follows:

• You can close a connection, such as TCP or UDP.

For example, suppose that a user has a TCP connection to a Target IP (perhaps a mapped drive) that should be off-limits to the user. You can correct the access control list (ACL) for the user’s group and then close the TCP connection. For more information about ACL management, see “Adding Local Users” on page 87. If you do not correct the ACL before closing the connection, the user can reestablish the TCP connection.

Note

The Firebox SSL VPN Gateway maintains connections to Target IP 0.0.0.0 that are required for VPN operations. Closing any of those connections temporarily closes a connection.

• You can disable a user’s connection and prevent subsequent logon from that user at the listed MAC address. The user can log on from a different MAC address.

• You can reenable a user name/MAC address combination.

Connection handling

If a user abruptly disconnects from the network or puts the computer in hibernate or standby mode, the SSL/TCP connection to the Firebox SSL VPN Gateway is terminated after 10 minutes. A shorter wait period penalizes users who have slow network connections.

This handling of connections results in the following:

• The user might continue to appear active in the Firebox SSL VPN Gateway Real-time Monitor for 10 minutes, after which the connection is terminated.

• The inactive user occupies a license until the wait period expires and the connection is closed. Suppose that you have a license for 10 users and all 10 users are logged onto the Firebox SSL VPN Gateway, leaving no available licenses. If one of the active users goes into standby mode, that user’s license is not available for 10 minutes.

• The wait period does not apply to connections that are terminated through the Real-time Monitor.
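The following added example, which is not part of the guide or of any WatchGuard software, replays a constructed sequence of session events to show when a license becomes available again under the 10-minute wait period and when a logon is refused for lack of a free license. The event names, the `replay` and `sample` functions, and the rule that a normal logoff frees the license immediately are assumptions of this model.

```python
from collections import namedtuple

WAIT = 10 * 60  # seconds; the wait period stated in the guide

# kind: "logon", "logoff", "abrupt" (hibernate/standby/network drop),
# or "admin_close" (connection terminated through the Real-time Monitor)
Event = namedtuple("Event", "t user kind")

def replay(events, licenses):
    """Return (denied, released): refused logons and license release times."""
    held = {}                  # user -> release time, or None while active
    denied, released = [], []
    for ev in sorted(events, key=lambda e: e.t):
        # Free licenses whose wait period has run out by this event.
        for user, until in list(held.items()):
            if until is not None and until <= ev.t:
                del held[user]
                released.append((until, user))
        if ev.kind == "logon":
            if ev.user in held:
                continue       # reconnect during the wait: not modelled
            if len(held) < licenses:
                held[ev.user] = None
            else:
                denied.append((ev.t, ev.user))
        elif ev.kind == "abrupt" and ev.user in held:
            held[ev.user] = ev.t + WAIT
        elif ev.kind in ("logoff", "admin_close") and ev.user in held:
            del held[ev.user]  # no wait period (assumed for plain logoff)
            released.append((ev.t, ev.user))
    return denied, released

def sample(admin_closes):
    """Constructed trace: 10 users fill a 10-user license, u3 goes to standby."""
    evs = [Event(0, f"u{i}", "logon") for i in range(1, 11)]
    evs.append(Event(60, "u3", "abrupt"))
    if admin_closes:
        evs.append(Event(90, "u3", "admin_close"))
    evs += [Event(120, "u11", "logon"), Event(660, "u11", "logon")]
    return evs

if __name__ == "__main__":
    print(replay(sample(False), 10))  # u11 refused at t=120, u3 freed at t=660
    print(replay(sample(True), 10))   # admin close frees u3 at t=90, no refusal
```

In the first trace the eleventh user is refused until the wait period for the user in standby expires; in the second, terminating that connection through the Real-time Monitor frees the license at once.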

Administration Guide

133
