WatchGuard Technologies SSL VPN manual Defining Accessible Networks, VMWare, ICMP Transmissions

Models: SSL VPN


Troubleshooting

Defining Accessible Networks

In the Accessible Networks field on the Global Cluster Policies tab, up to 24 subnets can be defined. If more than 24 subnets are entered, the Firebox SSL VPN Gateway ignores the additional subnets.

VMWare

If a user logs on to the Secure Access Client from two computers that are running VMWare and VMWare uses the same MAC address for the two computers, the Firebox SSL VPN Gateway does not allow both clients to run simultaneously. The Firebox SSL VPN Gateway uses the MAC address to manage licenses and does not allow more than one client session at a time per MAC address.

ICMP Transmissions

The Firebox SSL VPN Gateway returns a “Request timed out” error message if an ICMP transmission fails for any reason. The Firebox SSL VPN Gateway always sends a standard ICMP packet to the remote destination host when a client tries to ping it. Any client options such as increasing the size of the ICMP payload are not recognized by the Firebox SSL VPN Gateway and are not sent to the remote host.

Ping Command

The Firebox SSL VPN Gateway always sends out the same ping command, regardless of the options specified with the ping command from a client computer.

LDAP Authentication

When the Firebox SSL VPN Gateway is configured to use LDAP authentication and authorization, the LDAP group information is not used to automatically populate the group field in the Administration Tool.

End Point Policies

When the Firebox SSL VPN Gateway is evaluating the union of a group’s end point policies, it does not consider the group priorities and therefore might not resolve conflicting policies correctly. The last policy appended in an expression is the policy that takes effect. For example, one group has policy ProcessA and another group has policy !ProcessA. If the union of the policies is ProcessA and !ProcessA, the !ProcessA takes effect.

Network Resources

For added network resources, the Firebox SSL VPN Gateway does not recognize the CIDR notation address ipaddress/0. For example, to add a resource group that provides access to all resources, specify 0.0.0.0/0.0.0.0 instead of 0.0.0.0/0.
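A pre-flight check for the two limits described under Defining Accessible Networks and Network Resources, written here as an added example (it is not WatchGuard code). The function names are hypothetical, the sample subnets are constructed, and it assumes the ignored subnets are the ones entered after the 24th.

```python
import ipaddress

MAX_ACCESSIBLE_SUBNETS = 24  # limit stated in the guide


def resource_entry(cidr):
    """Return a network resource entry in a form the gateway recognizes.

    The guide says address/0 is not recognized and gives 0.0.0.0/0.0.0.0
    as the accepted spelling; other prefix lengths are left unchanged.
    """
    net = ipaddress.IPv4Network(cidr.strip(), strict=False)
    return net.with_netmask if net.prefixlen == 0 else str(net)


def audit_accessible_networks(entries):
    """Split a proposed list into what the gateway keeps and what it drops.

    Assumption: entries past the 24th, in the order entered, are the ones
    ignored. strict=True rejects entries with host bits set (likely typos).
    """
    nets = [ipaddress.IPv4Network(e.strip(), strict=True) for e in entries]
    kept = nets[:MAX_ACCESSIBLE_SUBNETS]
    ignored = nets[MAX_ACCESSIBLE_SUBNETS:]
    # collapse_addresses merges only adjacent or contained networks, so the
    # result covers exactly the same addresses and grants nothing extra.
    collapsed = list(ipaddress.collapse_addresses(nets))
    return kept, ignored, collapsed


if __name__ == "__main__":
    # Constructed sample: 26 consecutive /24 subnets, two over the limit.
    proposed = [f"10.0.{i}.0/24" for i in range(26)]
    kept, ignored, collapsed = audit_accessible_networks(proposed)
    print("kept:", len(kept))
    print("silently ignored:", [str(n) for n in ignored])
    print("equivalent list:", [str(n) for n in collapsed])
    print("all-resources entry:", resource_entry("0.0.0.0/0"))
```

When the collapsed list has 24 or fewer entries, entering it in place of the original list keeps every subnet within the limit without widening access.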

Kiosk Connections

For kiosk connections, the Firebox SSL VPN Gateway must have a certificate that is signed by a Sun Microsystems trusted Certificate Authority.

Client connections that use kiosk mode require Java Runtime Environment (JRE) 1.4+ to be installed on the client computer.

Administration Guide
