Administration Guide
107
Setting the Priority of Groups
The following two settings are
unioned
together. For these settings, they are combined among all of the
groups of which the user is a member. When these are combined, these are the enforced set of rules
applied to the user. For example, if a user is a member of the sales and support groups, if the sales group
has notepad.exe and calc.exe defined as an end point policy, and if the support groups have just Inter-
net Explorer defined, all of the policies are enforced for the user.
• Kiosk mode configuration, which includes persistent mode, the applications the user can use,
and the default Web address with which the user connects
• End point policies that specify registry settings, processes, or files that must be on the client
computer
If users are members of multiple groups, and IP pooling is enabled in one of those groups, the Firebox
SSL VPN Gateway allocates an IP address from the pool for the first group that has IP pooling enabled.
Groups are initially listed in the order in which they are created.
To set the priority of groups
1
Click the
Group Priority
tab.
2
Select a group that you want to move and use the arrow keys to raise or lower the group in the list.
The group at the top of the list has the highest priority.
To view the group priorities for a user
In the Firebox SSL VPN Gateway Administration Desktop, click the Real-time Monitor icon.
The display lists all groups to which the user belongs and the group with the highest priority.
Configuring Pre-Authentication Policies
Users can be restricted from logging on to the Firebox SSL VPN Gateway using pre-authentication poli-
cies. When users use a Web browser to connect to the Firebox SSL VPN Gateway, before they receive the
logon dialog box, the pre-authentication policy scans the client computer. If the scan fails, users are pre-
vented from logging on. To log on to the Web portal, the client needs to install the correct applications.
To create pre-authentication policies
1
Click the
Access Policy Manager
tab.
2
Under
End Point Policies
, click the configured policy and drag it to
Pre-Authentication Policies
in
the left pane (located under the
Global Policies
policy node).
To create and configure end point resources and policies, see “Configuring End Point Policies and
Resources”.
Summary of Contents for Firebox SSL Series
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway ...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway ...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway ...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway ...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway ...
Page 190: ...180 Firebox SSL VPN Gateway ...
Page 198: ...188 Firebox SSL VPN Gateway ...