Administration Guide
Managing Client Connections
An email template is provided that includes the information discussed in this section. The template is
available from the Downloads page of the Administration Portal. Customize the text for your site and
then send the text in an email to users.
Note
To install the Secure Access Client from inside the firewall, go to the portal page and use the "Click here to download the client installer" link to download the client. The first time that the client is run from inside the firewall, point the client to the internal IP address of the Firebox SSL VPN Gateway by right-clicking the Secure Access Client logon and then choosing Advanced Options.
Managing Client Connections
The Real-time Monitor lists the open VPN connections by user name and MAC address. For each user,
the type of connection by protocol (such as TCP or UDP) is also listed. The Target IP and Target Port
provide additional information about the connection. For example, connections to port 21 are FTP
connections and connections to port 23 are Telnet connections.
The connections can be managed as follows:
• You can close a connection, such as TCP or UDP.
For example, suppose that a user has a TCP connection to a Target IP (perhaps a mapped drive) that
should be off-limits to the user. You can correct the access control list (ACL) for the user’s group and
then close the TCP connection. For more information about ACL management, see “Adding Local
Users” on page 87. If you do not correct the ACL before closing the connection, the user can
reestablish the TCP connection.
Note
The Firebox SSL VPN Gateway maintains connections to Target IP 0.0.0.0 that are required for VPN
operations. Closing any of those connections temporarily closes a connection.
• You can disable a user’s connection and prevent subsequent logon from that user at the listed
MAC address. The user can log on from a different MAC address.
• You can reenable a user name/MAC address combination.
Connection handling
If a user abruptly disconnects from the network or puts the computer in hibernate or standby mode, the
SSL/TCP connection to the Firebox SSL VPN Gateway is terminated after 10 minutes. A shorter wait period
penalizes users who have slow network connections.
This handling of connections results in the following:
• The user might continue to appear active in the Firebox SSL VPN Gateway Real-time Monitor for
10 minutes, after which the connection is terminated.
• The inactive user occupies a license until the wait period expires and the connection is closed.
Suppose that you have a license for 10 users and all 10 users are logged on to the Firebox SSL VPN
Gateway, leaving no available licenses. If one of the active users goes into standby mode, that
user’s license is not available for 10 minutes.
The wait period does not apply to connections that are terminated through the Real-time Monitor.
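The license behavior described above can be replayed as a small model. This is an added example, not code from the guide or the product; the event names, user names and timeline are constructed, and a logon refused when no license is free is an assumption drawn from the 10-user scenario.

```python
WAIT_MINUTES = 10  # wait period stated in the guide


def simulate(events, total_licenses):
    """Replay (minute, user, action) events in time order.

    Actions (names are this example's own, not product terms):
      "logon"       user logs on and needs a free license
      "drop"        abrupt disconnect, hibernate or standby
      "admin_close" connection terminated through the Real-time Monitor
    Returns (refused_logons, users_still_holding_a_license).
    """
    release_at = {}  # user -> None while connected, else minute the license frees
    refused = []
    for minute, user, action in sorted(events, key=lambda e: e[0]):
        # Free every license whose wait period has expired by now.
        release_at = {u: r for u, r in release_at.items()
                      if r is None or r > minute}
        if action == "logon":
            if user in release_at:
                # Logging on again during the wait period is not described
                # in the guide, so it is not modelled here.
                raise ValueError(f"{user}: logon while a session is still held")
            if len(release_at) >= total_licenses:
                refused.append((minute, user))
            else:
                release_at[user] = None
        elif action == "drop" and user in release_at and release_at[user] is None:
            # The user still appears active and keeps the license for the wait period.
            release_at[user] = minute + WAIT_MINUTES
        elif action == "admin_close":
            # The wait period does not apply: the license frees at once.
            release_at.pop(user, None)
    return refused, sorted(release_at)


def sample_events():
    """Constructed timeline: 10 licensed users, two abrupt disconnects."""
    ev = [(0, f"user{i:02d}", "logon") for i in range(1, 11)]
    ev += [(30, "user03", "drop"), (35, "user11", "logon"), (40, "user11", "logon"),
           (50, "user04", "drop"), (52, "user04", "admin_close"), (53, "user12", "logon")]
    return ev


if __name__ == "__main__":
    refused, holders = simulate(sample_events(), total_licenses=10)
    print("refused logons:", refused)
    print("license holders:", holders)
```

In the sample timeline the logon at minute 35 is refused because the user in standby still holds a license, while the logon at minute 53 succeeds because the dropped session was closed through the Real-time Monitor instead of waiting out the 10 minutes.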