Enabling Split Tunneling

You can change the default operation so that user groups are denied network access unless they are allowed access to one or more network resource groups.

You configure ACLs for user groups by specifying which network resources are allowed or denied per user group.

By default, all network resource groups are allowed and network access is controlled by the Deny Access without ACL option on the Global Cluster Policies tab. When you allow or deny one resource group, all other resource groups are denied automatically and the network access for the user group is controlled only through its ACL.

If a resource group includes a resource that you do not want a user group to access, you can create a separate resource group for just that resource and deny the user group access to it.

The options just discussed are summarized in the following table.

ACL set for

Deny access

Usergroup can access:

usergroup?

withoutACL?

 

 

 

 

No

No

All accessible networks

 

 

 

Yes

No

Allowed resource groups

 

 

 

No

Yes

Nothing

 

 

 

Yes

Yes

Allowed resource groups

 

 

 

Specifying Accessible Networks

You must specify which networks the Firebox SSL VPN Gateway can access.

When configuring network access, the most restrictive policy must be configured first and the least restrictive last; for example, you want to allow access to everything on the 10.0.x.x network, but need to deny access to the 10.0.20.x network. Configure network access to 10.0.20.x first and then configure access to the 10.0.x.x network.

To give the Firebox SSL VPN Gateway access to a network

1Click the Global Cluster Policies tab.

2Under Access Options, in Accessible Networks, type a list of networks. Use a space or carriage return to separate the list of networks.

3Click Submit.

Enabling Split Tunneling

You can enable split tunneling on the Global Cluster Policies tab to prevent the Secure Access Client from sending unnecessary network traffic to the Firebox SSL VPN Gateway.

When split tunneling is not enabled, the Secure Access Client captures all network traffic originating from a client computer, and sends the traffic through the VPN tunnel to the Firebox SSL VPN Gateway. If you enable split tunneling, the Secure Access Client sends only traffic destined for networks protected by the Firebox SSL VPN Gateway through the VPN tunnel. The Secure Access Client does not send net- work traffic destined for unprotected networks to the Firebox SSL VPN Gateway.

Administration Guide

57

Page 66 Page 68
Page 67
Image 67
WatchGuard Technologies SSL VPN manual Enabling Split Tunneling, Specifying Accessible Networks
Page 66 Page 68

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.
Top Page Image Contents