Configuring Firebox SSL VPN Gateway Failover

To set up the static route, you need to establish the path between the eth1 adapter and IP address 129.6.0.20.

To set up the example static route

1Click the VPN Gateway Cluster tab and then click the Routes tab.

2In Destination LAN IP Address, set the IP address of the destination LAN to 129.6.0.0.

3 In Subnet Mask, set the subnet mask for the gateway device.

4 In Gateway, set the IP address of the default gateway to 192.168.0.1. 5 In Interface, select eth1 as the gateway device adapter.

6 Click Add Static Route.

Configuring Firebox SSL VPN Gateway Failover

The Firebox SSL VPN Gateway can be configured to fail over to multiple Firebox SSL VPN Gateway appli- ances. Because Firebox SSL VPN Gateway failover is active/active, you can use each Firebox SSL VPN Gateway as a primary gateway for a different set of users.

During the initial connection from the Secure Access Client, the Firebox SSL VPN Gateway provides the failover list to the client. If the client loses the connection to the primary Firebox SSL VPN Gateway, it iterates through the list of failover appliances. If the primary Firebox SSL VPN Gateway fails, the connec- tion waits for 20 seconds and then goes to the failover list to make the connection. The client performs a DNS lookup for the first failover appliance and tries to connect. If the first failover Firebox SSL VPN Gate- way is not available, the client tries the next failover appliance. When the client successfully connects to a failover Firebox SSL VPN Gateway, the client is prompted to log on.

To specify Firebox SSL VPN Gateway failover

1Click the VPN Gateway Cluster tab and then click the Failover Servers tab.

2In Failover Server 1, Failover Server 2, and/or Failover Server 3, type the external IP address or the fully qualified domain name (FQDN) of the Firebox SSL VPN Gateway(s) to be used for failover

operation.

The Firebox SSL VPN Gateways are used for failover in the order listed.

3In Port, type the port number. The default is 443.

4 Click Submit.

Configuring Internal Failover

Configuring the client’s local DNS settings enables the Secure Access Client to connect to the Firebox SSL VPN Gateway from inside the firewall. When internal failover is configured, the client will failover to the internal IP address of the Firebox SSL VPN Gateway if the external IP address cannot be reached.

To enable internal failover

1Click the Global Cluster Policies tab.

2Under Advanced Options, select Enable Internal Failover.

When this check box is selected, the internal IP address of the Firebox SSL VPN Gateway is added to the failover list. If you disabled external administrator access, port 9001 is unavailable. If you want to con-

Administration Guide

55

Page 65
Image 65
WatchGuard Technologies manual Configuring Firebox SSL VPN Gateway Failover, To specify Firebox SSL VPN Gateway failover

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.