Administration Guide
147
Troubleshooting
Devices Cannot Communicate with the Firebox SSL VPN Gateway
Verify that the following are correctly set up:
• The External Public Address specified on the General Networking tab in the Firebox SSL VPN
Gateway Administration Tool is available outside of your firewall
• Any changes made in the Firebox SSL VPN Gateway serial console or Administration Tool were
submitted
Using Ctrl-Alt-Delete to Restart the Firebox SSL VPN Gateway Fails
The restart function on the Firebox SSL VPN Gateway is disabled. You must use the Firebox SSL VPN
Gateway Administration Tool to restart and shut down the device.
SSL Version 2 Sessions and Multi-Level Certificate Chains
If intermediate (multi-level) certificates are part of your secure certificate upload, make sure that the
intermediate certificates are part of the certificate file you are uploading. SSL Version 2 does not support
certificate chaining. Any certificate that has more than one level must include all intermediate
certificates or the system may become unusable. For information about how to add intermediate certificates
to the uploaded certificate file, see “Generating Trusted Certificates for Multiple Levels” on page 156.
H.323 Protocol
The Firebox SSL VPN Gateway does not support the H.323 protocol. Applications that use the H.323
protocol, such as Microsoft’s NetMeeting, cannot be used with the Firebox SSL VPN Gateway.
Certificates Using 512-bit keypairs
When configuring certificates, do not use 512-bit keypairs. They are subject to brute force attacks.
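The two certificate checks above (all intermediate certificates present in the upload file, no 512-bit keypairs) can be run against a PEM file before it is uploaded. The following Python code is an added example, not part of this guide or of any WatchGuard tool. It assumes RSA keys and a file ordered server certificate first, each certificate followed by its issuer; the function names and the roots_pem parameter (PEM text of the root CA certificates your clients trust) are hypothetical.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, start, end) for each element inside a constructed value."""
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def cert_fields(der):
    """Return (subject, issuer, rsa_bits) for one DER certificate (RSA keys only)."""
    _, s, e = tlv(der, 0)            # Certificate
    _, s, e = tlv(der, s)            # tbsCertificate
    items = children(der, s, e)
    if items[0][0] == 0xA0:          # optional explicit [0] version
        items = items[1:]
    # items: serial, signature alg, issuer, validity, subject, subjectPublicKeyInfo
    issuer, subject = (der[items[i][1]:items[i][2]] for i in (2, 4))
    bitstr = children(der, items[5][1], items[5][2])[1]
    key = der[bitstr[1] + 1:bitstr[2]]   # skip the BIT STRING unused-bits byte
    _, ks, _ = tlv(key, 0)               # RSAPublicKey SEQUENCE
    _, ns, ne = tlv(key, ks)             # modulus INTEGER
    return subject, issuer, int.from_bytes(key[ns:ne], "big").bit_length()

def load(pem_text):
    return [cert_fields(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]

def check_bundle(pem_text, roots_pem=""):
    """List problems in an upload file. Names are matched; signatures are not verified."""
    certs, roots = load(pem_text), {c[0] for c in load(roots_pem)}
    problems = []
    for i, (subject, issuer, bits) in enumerate(certs):
        if bits <= 512:
            problems.append(f"cert {i}: {bits}-bit RSA key")
        nxt = certs[i + 1][0] if i + 1 < len(certs) else None
        if issuer not in (subject, nxt) and issuer not in roots:
            problems.append(f"cert {i}: issuer certificate not in file")
    return problems
```

Call check_bundle(open(path).read(), open(roots_path).read()); an empty list means every certificate in the file is self-signed, issued by the next certificate in the file, or issued by one of the supplied roots.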
Secure Access Client
The following are issues with the Secure Access Client.
Secure Access Client Connections with Windows XP
If a user makes a connection to the Firebox SSL VPN Gateway using Windows XP, logs off the computer
without first disconnecting the Secure Access Client, and then logs on again, the Internet connection is
broken. To restore the Internet connection, restart the computer.
DNS Name Resolution Using Named Service Providers
If clients without administrative privileges use Windows 2000 Professional or Windows XP to connect to
the Firebox SSL VPN Gateway, DNS name resolution may fail if the client is using the Name Service
Provider. To correct the problem, connect using the IP address of the computer instead of the DNS name.
Auto-Update Feature
The Secure Access Client auto-update feature does not work if the client is configured to connect
through a proxy server.