Using the Firebox SSL VPN Gateway

After downloading the Secure Access Client, the user logs on. When the user successfully authenticates, the Firebox SSL VPN Gateway establishes a secure tunnel.

As the remote user attempts to access network resources across the VPN tunnel, the Secure Access Client encrypts all network traffic destined for the organization’s intranet and forwards the packets to the Firebox SSL VPN Gateway.

The Firebox SSL VPN Gateway terminates the SSL tunnel, accepts any incoming traffic destined for the private network, and forwards the traffic to the private network. The Firebox SSL VPN Gateway sends traffic back to the remote computer over a secure tunnel.

Starting the Secure Access Client

A remote user installs the Secure Access Client by typing a secure Web address, typically the fully quali- fied domain name (FQDN) of the Firebox SSL VPN Gateway. The Firebox SSL VPN Gateway prompts the user for authentication over HTTP 401 Basic or Digest. The Firebox SSL VPN Gateway authenticates the credentials using one of the following authentication methods: local authentication, RSA SecureID, Safe- Word PremierAccess, LDAP, or RADIUS. If the credentials are correct, the Firebox SSL VPN Gateway fin- ishes the handshake with the client. This logon step is required only when a user initially downloads the Secure Access Client.

If the user is behind a proxy server, the user can specify the proxy server’s IP address and authentication credentials.

To configure a proxy server

1To open the logon dialog box, click the Secure Access Client icon on the desktop.

2In the Firebox SSL Secure Access logon dialog box, right-click anywhere in the dialog box and select Advanced Options.

3In the Firebox SSL Secure Access Options dialog box, under Proxy Settings, select Use Proxy Host.

4In Proxy Address and Proxy Port, type the IP address and port number.

5If the authentication is required by the server, select Proxy server requires authentication.

The Secure Access Client is installed on the user’s computer. After the first connection, the remote user can subsequently use a desktop shortcut to start the Secure Access Client.

The Advanced Options dialog box can also be opened by right-clicking the Firebox SSL Secure Access icon on the desktop and then clicking Properties.

Enabling Single Sign-On Operation for the Secure Access Client

If the Secure Access Client is configured for single sign-on operation, it automatically starts after the user logs on to Windows. The user’s Windows logon credentials are passed to the Firebox SSL VPN Gate- way for authentication. Enabling single sign-on for the Secure Access Client facilitates operations on the remote computer such as installation scripts and automatic drive mapping.

For more information about configuring single sign-on, see “Configuring Secure Access Client for single sign-on” on page 91.

Note

Users must be logged on as a local administrator or be a member of the Administrators group to use single sign-on for Secure Access Client.

Administration Guide

25

Page 35
Image 35
WatchGuard Technologies SSL VPN manual Starting the Secure Access Client, To configure a proxy server

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.