Manuals / WatchGuard Technologies / Household Appliance / Water Heater

WatchGuard Technologies Configuring Firebox SSL VPN Gateway Failover, Click Add Static Route

Models: SSL VPN

1 198
Download 198 pages 26.5 Kb
Page 65
Image 65
To set up the example static route

Configuring Firebox SSL VPN Gateway Failover

To set up the static route, you need to establish the path between the eth1 adapter and IP address 129.6.0.20.

To set up the example static route

1Click the VPN Gateway Cluster tab and then click the Routes tab.

2In Destination LAN IP Address, set the IP address of the destination LAN to 129.6.0.0.

3 In Subnet Mask, set the subnet mask for the gateway device.

4 In Gateway, set the IP address of the default gateway to 192.168.0.1. 5 In Interface, select eth1 as the gateway device adapter.

6 Click Add Static Route.

Configuring Firebox SSL VPN Gateway Failover

The Firebox SSL VPN Gateway can be configured to fail over to multiple Firebox SSL VPN Gateway appli- ances. Because Firebox SSL VPN Gateway failover is active/active, you can use each Firebox SSL VPN Gateway as a primary gateway for a different set of users.

During the initial connection from the Secure Access Client, the Firebox SSL VPN Gateway provides the failover list to the client. If the client loses the connection to the primary Firebox SSL VPN Gateway, it iterates through the list of failover appliances. If the primary Firebox SSL VPN Gateway fails, the connec- tion waits for 20 seconds and then goes to the failover list to make the connection. The client performs a DNS lookup for the first failover appliance and tries to connect. If the first failover Firebox SSL VPN Gate- way is not available, the client tries the next failover appliance. When the client successfully connects to a failover Firebox SSL VPN Gateway, the client is prompted to log on.

To specify Firebox SSL VPN Gateway failover

1Click the VPN Gateway Cluster tab and then click the Failover Servers tab.

2In Failover Server 1, Failover Server 2, and/or Failover Server 3, type the external IP address or the fully qualified domain name (FQDN) of the Firebox SSL VPN Gateway(s) to be used for failover

operation.

The Firebox SSL VPN Gateways are used for failover in the order listed.

3In Port, type the port number. The default is 443.

4 Click Submit.

Configuring Internal Failover

Configuring the client’s local DNS settings enables the Secure Access Client to connect to the Firebox SSL VPN Gateway from inside the firewall. When internal failover is configured, the client will failover to the internal IP address of the Firebox SSL VPN Gateway if the external IP address cannot be reached.

To enable internal failover

1Click the Global Cluster Policies tab.

2Under Advanced Options, select Enable Internal Failover.

When this check box is selected, the internal IP address of the Firebox SSL VPN Gateway is added to the failover list. If you disabled external administrator access, port 9001 is unavailable. If you want to con-

Administration Guide

55

Page 64 Page 66
Page 65
Image 65
WatchGuard Technologies manual Configuring Firebox SSL VPN Gateway Failover, To specify Firebox SSL VPN Gateway failover
Page 64 Page 66