Administration Guide
145
Troubleshooting
Defining Accessible Networks
In the
Accessible Networks
field on the
Global Cluster Policies
tab, up to 24 subnets can be defined. If
more than 24 subnets are entered, the Firebox SSL VPN Gateway ignores the additional subnets.
VMWare
If a user logs on to the Secure Access Client from two computers that are running VMWare and VMWare
uses the same MAC address for the two computers, the Firebox SSL VPN Gateway does not allow both
clients to run simultaneously. The Firebox SSL VPN Gateway uses the MAC address to manage licenses
and does not allow more than one client session at a time per MAC address.
ICMP Transmissions
The Firebox SSL VPN Gateway returns a “Request timed out” error message if an ICMP transmission fails
for any reason. The Firebox SSL VPN Gateway always sends a standard ICMP packet to the remote desti-
nation host when a client tries to ping it. Any client options such as increasing the size of the ICMP pay-
load are not recognized by the Firebox SSL VPN Gateway and are not sent to the remote host.
Ping Command
The Firebox SSL VPN Gateway always sends out the same ping command, regardless of the options
specified with the ping command from a client computer.
LDAP Authentication
When the Firebox SSL VPN Gateway is configured to use LDAP authentication and authorization, the
LDAP group information is not used to automatically populate the group field in the Administration
Tool.
End Point Policies
When the Firebox SSL VPN Gateway is evaluating the union of a group’s end point policies, it does not
consider the group priorities and therefore might not resolve conflicting policies correctly. The last pol-
icy appended in an expression is the policy that takes effect. For example, one group has policy Pro-
cessA and another group has policy !ProcessA. If the union of the policies is ProcessA and !ProcessA, the
!ProcessA takes effect.
Network Resources
For added network resources, the Firebox SSL VPN Gateway does not recognize the CIDR notation
address
ipaddress
/0. For example, to add a resource group that provides access to all resources, specify
0.0.0.0/0.0.0.0 instead of 0.0.0.0/0.
Kiosk Connections
For kiosk connections, the Firebox SSL VPN Gateway must have a certificate that is signed by a Sun
Microsystems trusted Certificate Authority.
Client connections using kiosk mode require the installation of Java Runtime Environment (JRE) 1.4+ on
their computer.
Summary of Contents for Firebox SSL Series
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway ...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway ...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway ...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway ...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway ...
Page 190: ...180 Firebox SSL VPN Gateway ...
Page 198: ...188 Firebox SSL VPN Gateway ...