Troubleshooting

Internal Failover

If internal failover is enabled and the administrator is connected to the Firebox SSL VPN Gateway, the Administration Tool cannot be reached over the connection. To fix this problem, enable IP pooling and then connect to the lowest IP address in the pool range on port 9001. For example, if the IP pool range starts at 10.10.3.50, connect to the Administration Tool using 10.10.3.50:9001. For information about configuring IP pools, see “Enabling IP Pooling” on page 94.

Certificate Signing

There are several server components that support SSL/TLS, such as the Firebox SSL VPN Gateway, Secure Gateway, and SSL Relay. All of these components support server certificates issued either by a public Certificate Authority (CA) or by a private Certificate Authority. Public CAs include organizations such as Verisign and Thawte. Private CAs are implemented by products such as Microsoft Certificate Services.

Certificates signed by a private CA are sometimes described as enterprise certificates or self-signed certificates. In this context, the term self-signed certificate is not technically accurate; such certificates are signed by the private CA. True self-signed certificates are not signed by any CA and are not supported by the server components, because there is no CA to provide a root of trust. However, as described above, certificates issued by a private CA are supported by the server components because the private CA is the root of trust.

Certificate Revocation Lists

Certificate Revocation Lists (CRLs) cannot be configured by the administrator. When a user connects to the Firebox SSL VPN Gateway using a client certificate, the Firebox SSL VPN Gateway uses the cRLDistributionPoints extension in the client certificate, if it is present, to locate relevant CRLs using HTTP. The client certificate is checked against those CRLs.

Retrieving CRLs using LDAP is not supported.
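A defender-side check for the behaviour just described, added here as an example that is not from the WatchGuard manual: it decodes the cRLDistributionPoints extension value (the DER bytes inside the extension's OCTET STRING, as shown by `openssl asn1parse`) with a small stdlib-only DER walker and flags distribution-point URIs that are not http://, since the gateway fetches CRLs over HTTP only and LDAP is unsupported. The sample extension bytes and the example.com hostnames are constructed for this example, not taken from a real certificate.

```python
def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def crl_uris(der):
    """Collect uniformResourceIdentifier GeneralNames ([6], tag 0x86) reachable through
    CRLDistributionPoints -> DistributionPoint -> distributionPoint [0] -> fullName [0].
    Only SEQUENCE (0x30) and [0] (0xA0) nodes are descended, so a cRLIssuer [2] or
    reasons [1] field is ignored rather than mistaken for a distribution point."""
    uris = []

    def walk(buf):
        pos = 0
        while pos < len(buf):
            tag, value, pos = _read_tlv(buf, pos)
            if tag == 0x86:
                uris.append(value.decode("ascii"))
            elif tag in (0x30, 0xA0):
                walk(value)

    walk(der)
    return uris


def classify_crl_sources(der):
    """Split CRL URIs by whether the gateway can fetch them: HTTP is used, anything else
    (LDAP in particular) is not, so a cert carrying only such URIs cannot be revocation-checked."""
    uris = crl_uris(der)
    return {
        "reachable": [u for u in uris if u.lower().startswith("http://")],
        "unsupported": [u for u in uris if not u.lower().startswith("http://")],
    }


# Constructed sample: two DistributionPoints, one HTTP and one LDAP (hostnames are placeholders).
SAMPLE_EXT = (
    bytes.fromhex("304a")                                                   # SEQUENCE OF DistributionPoint
    + bytes.fromhex("3023a021a01f861d") + b"http://crl.example.com/ca.crl"  # SEQ { [0] { [0] { [6] uri }}}
    + bytes.fromhex("3023a021a01f861d") + b"ldap://ldap.example.com/cn=ca"
)

if __name__ == "__main__":
    print(classify_crl_sources(SAMPLE_EXT))
```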

Network Messages to Non-Existent IPs

If an invalid sdconf.rec file is uploaded to the Firebox SSL VPN Gateway, this might cause the Firebox SSL VPN Gateway to send out messages to non-existent IPs. A network monitor might flag this activity as network spamming.

To correct the problem, upload a valid sdconf.rec file to the Firebox SSL VPN Gateway.

The Firebox SSL VPN Gateway Does Not Start and the Serial Console Is Blank

Verify that the following are correctly set up:

The serial console is using the correct port and the physical and logical ports match

The cable is a null-modem cable

The COM settings in your serial communication software are set to 9600 bits per second, 8 data bits, no parity, and 1 stop bit

The Administration Tool Is Inaccessible

If the Firebox SSL VPN Gateway is offline, the Administration Tool is not available. You can use the Administration Portal to perform tasks such as viewing the system log and restarting the Firebox SSL VPN Gateway.

WatchGuard Technologies SSL VPN manual Internal Failover, Certificate Signing, Certificate Revocation Lists

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.