To enable split tunneling

Denying Access to Groups without an ACL

When you enable split tunneling, you must enter a list of accessible networks on the Global Cluster Policies tab. The list of accessible networks must include all internal networks and subnetworks that the user may need to access with the Secure Access Client.

The Secure Access Client uses the list of accessible networks as a filter to determine whether or not packets transmitted from the client computer should be sent to the Firebox SSL VPN Gateway.

When the Secure Access Client starts, it obtains the list of accessible networks from the Firebox SSL VPN Gateway. The Secure Access Client examines all packets transmitted on the network from the cli- ent computer and compares the addresses within the packets to the list of accessible networks. If the destination address in the packet is within one of the accessible networks, the Secure Access Client sends the packet through the VPN tunnel to the Firebox SSL VPN Gateway. If the destination address is not in an accessible network, the packet is not encrypted and the client routes the packet appropri- ately.

1Click the Global Cluster Policies tab.

2Under Access Options, click Enable Split Tunneling.

3In Accessible Networks, type the IP addresses. Use a space or carriage return to separate the list of networks.

4Click Submit.

Configuring User Groups

User groups define the resources the user has access to when connecting to the corporate network through the Firebox SSL VPN Gateway. Groups are associated with the local users list. After adding local users to a group, you can then define the resources they have access to on the Access Policy Manager tab. For more information about configuring local users, see “Configuring Properties for a User Group” on page 90.

When you enable authorization on the Firebox SSL VPN Gateway, user group information is obtained from the authentication server after a user is authenticated. If the group name that is obtained from the authentication server matches a group name created locally on the Firebox SSL VPN Gateway, the prop- erties of the local group are used for the matching group obtained from the authentication servers.

Note

Important: Group names on authentication servers and on the Firebox SSL VPN Gateway must be identical and they are case-sensitive

Denying Access to Groups without an ACL

Each user should belong to at least one group that is defined locally on the Firebox SSL VPN Gateway. If a user does not belong to a group, the overall access of the user is determined by using access control lists (ACLs) that are defined by the Deny access without access control list (ACL) setting as follows:

If the Deny Access option is enabled, the user cannot establish a connection If the Deny Access option is disabled, the user has full network access

In either case, the user can use kiosk mode, but network access within that session is determined by the Deny access without access control list (ACL) setting.

58	Firebox SSL VPN Gateway

SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.

WatchGuard Technologies SSL VPN Denying Access to Groups without an ACL, Configuring User Groups

Models: SSL VPN