Scenario 1: Configuring LDAP Authentication and Authorization
164
Firebox SSL VPN Gateway
This task includes these five procedures:
• Configuring accessible networks
• Creating an LDAP authentication realm
• Creating the appropriate groups on the Firebox SSL VPN Gateway
• Creating and assigning network resources to the user groups
• Creating an application policy for the email server
Each of these procedures is discussed in detail below.
Configuring Accessible Networks
Configuring accessible networks is the first of five procedures the administrator performs to
configure access to the internal network resources in the configuring LDAP authentication and
authorization scenario.
In this procedure, the administrator specifies the internal networks that contain the network
resources that users must access using the Secure Access Client.
In the previous task, the administrator determined that the remote Sales and Engineering users
must have access to the resources on these specific internal networks:
•
The Web conference server, file servers, and email server residing in the network 10.10.0.0/24
•
The server containing the Sales Web application residing in the network 10.60.10.0/24
The administrator specifies these networks as accessible networks. Specifying the accessible
networks enables the Secure Access Client to support split tunneling.
When a user logs on to the Firebox SSL VPN Gateway, the Firebox SSL VPN Gateway sends this list of
networks to the Secure Access Client on the user's computer. The Secure Access Client uses this list
of networks as a filter to determine which outbound packets should be sent to the Firebox SSL VPN
Gateway and which should be sent elsewhere. The Secure Access Client transmits only the packets
bound for the Firebox SSL VPN Gateway through the secure tunnel to the Firebox SSL VPN Gateway.
Note
If you do not want to support split tunneling, you do not need to configure accessible networks.
To configure accessible networks
1
Open the Administration Tool.
2
Click the
Global Cluster Policies
tab.
3
If necessary, select
Enable split tunneling
.
4
In the
Accessible networks
box, enter all of the internal networks that the Firebox SSL VPN
Gateway must access. Separate each network entered with a space or a carriage return. In this
example access scenario, the administrator would make these entries:
10.10.0.0/24
10.60.10.0/24
5
Select the
Enable logon page authentication
check box. This setting requires users to
authenticate when accessing the portal page of the Firebox SSL VPN Gateway with a Web browser.
6
To simplify this example, assume the administrator clears all other check boxes that appear on the
Global Cluster Policies
tab.
For more information about split tunneling, see “Enabling Split Tunneling” on page 57.
For more information about the
Deny Access without ACL
setting, see “Denying Access to Groups
without an ACL” on page 58.
Summary of Contents for SSL 1000
Page 1: ...WatchGuard Firebox SSL VPN Gateway Administration Guide Firebox SSL VPN Gateway...
Page 40: ...Using the Firebox SSL VPN Gateway 30 Firebox SSL VPN Gateway...
Page 118: ...Setting the Priority of Groups 108 Firebox SSL VPN Gateway...
Page 146: ...Managing Client Connections 136 Firebox SSL VPN Gateway...
Page 168: ...Generating Trusted Certificates for Multiple Levels 158 Firebox SSL VPN Gateway...
Page 190: ...180 Firebox SSL VPN Gateway...
Page 198: ...188 Firebox SSL VPN Gateway...