Managing Client Connections

An email template is provided that includes the information discussed in this section. The template is available from the Downloads page of the Administration Portal. Customize the text for your site and then send the text in an email to users.

Note

To install the Secure Access Client from inside the firewall, go to the portal page and use the "Click here to download the client installer" link to download the client. The first time that the client is run from inside the firewall, point the client to the internal IP address of the Firebox SSL VPN Gateway by right-clicking the Secure Access Client logon and then choosing Advanced Options.

Managing Client Connections

The Real-time Monitor lists the open VPN connections by user name and MAC address. For each user, the type of connection by protocol (such as TCP or UDP) is also listed. The Target IP and Target Port provide additional information about the connection. For example, connections to port 21 are FTP connections and connections to port 23 are Telnet connections.

The connections can be managed as follows:

• You can close a connection, such as TCP or UDP.

For example, suppose that a user has a TCP connection to a Target IP (perhaps a mapped drive) that should be off-limits to the user. You can correct the access control list (ACL) for the user’s group and then close the TCP connection. For more information about ACL management, see “Adding Local Users” on page 87. If you do not correct the ACL before closing the connection, the user can reestablish the TCP connection.

Note

The Firebox SSL VPN Gateway maintains connections to Target IP 0.0.0.0 that are required for VPN operations. Closing any of those connections temporarily closes a connection.

• You can disable a user’s connection and prevent subsequent logon from that user at the listed MAC address. The user can log on from a different MAC address.

• You can reenable a user name/MAC address combination.

Connection handling

If a user abruptly disconnects from the network or puts the computer in hibernate or standby mode, the SSL/TCP connection to the Firebox SSL VPN Gateway is terminated after 10 minutes. A shorter wait period penalizes users who have slow network connections.

This handling of connections results in the following:

• The user might continue to appear active in the Firebox SSL VPN Gateway Real-time Monitor for 10 minutes, after which the connection is terminated.

• The inactive user occupies a license until the wait period expires and the connection is closed. Suppose that you have a license for 10 users and all 10 users are logged on to the Firebox SSL VPN Gateway, leaving no available licenses. If one of the active users goes into standby mode, that user’s license is not available for 10 minutes.

The wait period does not apply to connections that are terminated through the Real-time Monitor.
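
The license behavior described above can be modeled to see when a new logon is refused. This is an added example, not WatchGuard code: the LicensePool class, the event tuples and the user names are constructed for illustration, and the model assumes one seat per user name and that a held seat is released at exactly 10 minutes.

```python
from dataclasses import dataclass, field

WAIT_SECONDS = 10 * 60  # wait period stated in the guide


@dataclass
class LicensePool:
    size: int
    # user -> None while connected, or the time the held seat is released
    sessions: dict = field(default_factory=dict)

    def _expire(self, now):
        for user, release_at in list(self.sessions.items()):
            if release_at is not None and now >= release_at:
                del self.sessions[user]

    def logon(self, user, now):
        """Grant a seat if one is free (model assumption: one seat per user name)."""
        self._expire(now)
        if user not in self.sessions and len(self.sessions) >= self.size:
            return False
        self.sessions[user] = None
        return True

    def drop(self, user, now):
        """Abrupt disconnect, hibernate or standby: seat held for the wait period."""
        if user in self.sessions:
            self.sessions[user] = now + WAIT_SECONDS

    def admin_close(self, user):
        """Terminated through the Real-time Monitor: the wait period does not apply."""
        self.sessions.pop(user, None)


def replay(events, size=10):
    """Replay (time_s, action, user) tuples; return the refused logon attempts."""
    pool = LicensePool(size)
    denied = []
    for now, action, user in events:
        if action == "logon" and not pool.logon(user, now):
            denied.append((now, user))
        elif action == "drop":
            pool.drop(user, now)
        elif action == "admin_close":
            pool.admin_close(user)
    return denied


# Constructed sample events: 10 licensed users log on, then user01 goes into standby.
FULL = [(0, "logon", f"user{i:02d}") for i in range(1, 11)]
STANDBY = FULL + [(60, "drop", "user01"), (120, "logon", "user11"),
                  (659, "logon", "user11"), (660, "logon", "user11")]
CLOSED = FULL + [(60, "drop", "user01"), (90, "admin_close", "user01"),
                 (120, "logon", "user11")]
```

In the STANDBY sequence the eleventh user is refused until the wait period ends; in CLOSED the administrator terminates the stale connection and the seat is free at once.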


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.