Connecting from a Private Computer
122
Firebox SSL VPN Gateway
sends its known local IP address to the server by means of a custom client-server protocol. For these
applications, the Secure Access Client provides the local client application a private IP address represen-
tation, which the Firebox SSL VPN Gateway uses on the internal network. Many real-time voice applica-
tions and FTP use this feature.
Clients can access resources on the corporate network by connecting through the Firebox SSL VPN
Gateway from their own computer or from a public computer.
ActiveX Helper
When the user connects to the Web Interface portion of the Firebox SSL VPN Gateway and logs on,
net6helper.cab and ActiveX control are installed. This file provides three main functions:
• It launches the client from the Web page instead of having to manually download the executable
and then launching the Secure Access Client.
• It performs pre-authentication checks for the Web page.
• It provides single sign-on. When the Secure Access Client is started from the Web page, the
Secure Access Client does not prompt the user to log on again.
Using the Secure Access Client Window
To enable users to connect to and use the Firebox SSL VPN Gateway, you need to provide them with the
following information:
• Firebox SSL VPN Gateway Web address, such as https://
AccessGatewayFQDN
/.
If a user needs access from a computer that is not running Windows 2000 or above or Linux, but is running a Java
Virtual Machine (JVM) 1.5 or higher, the user can use the Java applet version of the kiosk. The Web address for
connecting to the Java applet version of the kiosk is: https://AccessGateway/vpn_portal-javaonly.html
•
The authentication realm name required for logon (if you use realms other than the realm named
Default).
•
Path to any network drives that the users can access, which is done by mapping a network drive on
their computer.
•
Any system requirements for running the Secure Access Client if you configured end point resources
and policies.
Depending on the configuration of a remote user’s system, you might also need to provide additional
information:
•
To start the Secure Access Client
,
Windows 2000 users must be a local administrator or a member of
the Administrators group to install programs on their computer. This restriction applies to Windows
XP for first-time installation only, not for upgrades.
•
If a user runs a firewall on the remote computer, the user might need to change the firewall settings so
that it does not block traffic to or from the IP addresses corresponding to the resources for which you
granted access. The Secure Access Client automatically handles Internet Connection Firewall in
Windows XP and Windows Firewall in Windows XP Service Pack 2. For information about configuring a
variety of popular firewalls, see “Using Firewalls with Firebox SSL VPN Gateway” on page 149.
•
Users who want to send traffic to FTP over the Firebox SSL VPN Gateway connection must set their FTP
application to perform passive transfers. A passive transfer means that the remote computer
establishes the data connection to your FTP server, rather than your FTP server establishing the data
connection to the remote computer.
•
Users who want to run X client applications across the connection must run an X server, such as
XManager, on their computers.
• Because users work with files and applications just as if they were local to the organization’s
network, no retraining of users or configuration of applications is needed.
Summary of Contents for Firebox SSL Series
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway ...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway ...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway ...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway ...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway ...
Page 190: ...180 Firebox SSL VPN Gateway ...
Page 198: ...188 Firebox SSL VPN Gateway ...