WatchGuard Technologies SSL VPN User Manual

3. Click Submit.
Requiring Certificates from Internal Connections
To increase security for connections originating from the Firebox SSL VPN Gateway to your internal network, you can require the Firebox SSL VPN Gateway to validate SSL server certificates. Previous versions of the Firebox SSL VPN Gateway did not validate the SSL server certificate presented by the Web Interface and the Secure Ticket Authority. Validating SSL server certificates is an important security measure because it can help prevent security breaches, such as man-in-the-middle attacks.
For validation to work, the root certificates that are used to sign the server certificates must be installed on the Firebox SSL VPN Gateway.
To install root certificates:
On the Cluster Config tab, select Administration > Manage Trusted root CA certificates.
To require server certificates for internal client connections:
On the Global Cluster Policies tab, under SSL Options, select Validate SSL Certificates for Internal Connections.
Wildcard Certificates
The Firebox SSL VPN Gateway supports validation of wildcard certificates for Secure Access Clients. The wildcard certificate has an asterisk (*) in the certificate name. Wildcard certificates can be formatted in one of two ways, such as *.mycompany.com or www*.mycompany.com. When a wildcard certificate is used, clients can choose different Web addresses, such as http://www1.mycompany.com or http://www2.mycompany.com. The use of a wildcard certificate allows several Web sites to be covered by a single certificate.
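The two name forms described above, as an added example that is not part of the WatchGuard manual: a Python check of whether a wildcard certificate name covers a given host name. The matching rules (wildcard only in the left-most label, never spanning a dot, standing for at least one character) follow common RFC 6125-style practice and are an assumption, since the manual does not describe the gateway's own matcher; `wildcard_matches` is a hypothetical helper name.

```python
# Added example: wildcard certificate name matching.
# Assumption: RFC 6125-style rules; the gateway's own matcher is not documented here.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Return True if a certificate name such as *.mycompany.com or
    www*.mycompany.com covers hostname."""
    p_labels = _labels(pattern)
    h_labels = _labels(hostname)
    # The wildcard never spans a dot, so both names need the same label count.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # Only the left-most label may carry the asterisk; the rest match exactly.
    if any("*" in label for label in rest) or rest != h_labels[1:]:
        return False
    if "*" not in first:
        return first == h_labels[0]
    # One asterisk only, and at least two fixed labels after it, so that an
    # over-broad name such as "*.com" is refused.
    if first.count("*") != 1 or len(rest) < 2:
        return False
    host = h_labels[0]
    # Internationalized (A-label) host labels are not wildcard-matched.
    if host.startswith("xn--"):
        return False
    prefix, suffix = first.split("*")
    # The asterisk stands for one or more characters inside this one label.
    return (len(host) > len(prefix) + len(suffix)
            and host.startswith(prefix) and host.endswith(suffix))


if __name__ == "__main__":
    # Constructed sample names, based on the examples in the text above.
    for pattern, host in [
        ("*.mycompany.com", "www1.mycompany.com"),
        ("www*.mycompany.com", "www2.mycompany.com"),
        ("www*.mycompany.com", "mail.mycompany.com"),
        ("*.mycompany.com", "a.b.mycompany.com"),
        ("*.mycompany.com", "mycompany.com"),
    ]:
        print(pattern, host, wildcard_matches(pattern, host))
```

Under these rules a single wildcard certificate does not cover the bare domain or hosts more than one level below it, so those names need their own certificate entries.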