WatchGuard Technologies SSL VPN Starting the Secure Access Client, To configure a proxy server

Using the Firebox SSL VPN Gateway

•After downloading the Secure Access Client, the user logs on. When the user successfully authenticates, the Firebox SSL VPN Gateway establishes a secure tunnel.

•As the remote user attempts to access network resources across the VPN tunnel, the Secure Access Client encrypts all network traffic destined for the organization’s intranet and forwards the packets to the Firebox SSL VPN Gateway.

•The Firebox SSL VPN Gateway terminates the SSL tunnel, accepts any incoming traffic destined for the private network, and forwards the traffic to the private network. The Firebox SSL VPN Gateway sends traffic back to the remote computer over a secure tunnel.

Starting the Secure Access Client

A remote user installs the Secure Access Client by typing a secure Web address, typically the fully quali- fied domain name (FQDN) of the Firebox SSL VPN Gateway. The Firebox SSL VPN Gateway prompts the user for authentication over HTTP 401 Basic or Digest. The Firebox SSL VPN Gateway authenticates the credentials using one of the following authentication methods: local authentication, RSA SecureID, Safe- Word PremierAccess, LDAP, or RADIUS. If the credentials are correct, the Firebox SSL VPN Gateway fin- ishes the handshake with the client. This logon step is required only when a user initially downloads the Secure Access Client.

If the user is behind a proxy server, the user can specify the proxy server’s IP address and authentication credentials.

To configure a proxy server

1To open the logon dialog box, click the Secure Access Client icon on the desktop.

2In the Firebox SSL Secure Access logon dialog box, right-click anywhere in the dialog box and select Advanced Options.

3In the Firebox SSL Secure Access Options dialog box, under Proxy Settings, select Use Proxy Host.

4In Proxy Address and Proxy Port, type the IP address and port number.

5If the authentication is required by the server, select Proxy server requires authentication.

The Secure Access Client is installed on the user’s computer. After the first connection, the remote user can subsequently use a desktop shortcut to start the Secure Access Client.

The Advanced Options dialog box can also be opened by right-clicking the Firebox SSL Secure Access icon on the desktop and then clicking Properties.

Enabling Single Sign-On Operation for the Secure Access Client

If the Secure Access Client is configured for single sign-on operation, it automatically starts after the user logs on to Windows. The user’s Windows logon credentials are passed to the Firebox SSL VPN Gate- way for authentication. Enabling single sign-on for the Secure Access Client facilitates operations on the remote computer such as installation scripts and automatic drive mapping.

For more information about configuring single sign-on, see “Configuring Secure Access Client for single sign-on” on page 91.

Note

Users must be logged on as a local administrator or be a member of the Administrators group to use single sign-on for Secure Access Client.