User Manual

Table of Contents

CHAPTER 1 Getting Started with Firebox SSL VPN Gateway .... 1
Audience .... 1
Operating System Requirements .... 1
Document Conventions .... 2
LiveSecurity Service Solutions .... 2
LiveSecurity Service Broadcasts .... 3
Activating LiveSecurity Service .... 4
LiveSecurity Service Self Help Tools .... 4
WatchGuard Users Forum .... 5
Online Help .... 6
Product Documentation .... 6
Technical Support .... 6
LiveSecurity Service technical support .... 6
LiveSecurity Gold .... 7
Firebox Installation Service .... 7
VPN Installation Service .... 7
Training and Certification .... 7

CHAPTER 2 Introduction to Firebox SSL VPN Gateway .... 9
Overview .... 9
New Features .... 11
Authentication and one-time passwords .... 11
New versions of the Secure Access Client .... 11
Configurable symmetric encryption ciphers .... 11
Automatic detection of proxy server settings .... 11
Secure Access Client connections .... 12
Automatic port redirection .... 12
Disable desktop sharing .... 12
Additional control over Secure Access Client connections .... 12
Disable kiosk mode .... 12
Specify multiple ports and port ranges for network resources .... 12
Voice over IP softphone support .... 12
Editable HOSTS file .... 12
NTLM authentication and authorization support .... 13
Added challenge-response to RADIUS user authentication .... 13
authentication .... 13
Updated serial console menu .... 13
Features .... 13
Administration Tool .... 13
Firebox SSL VPN Gateway Settings .... 14
Feature Summary .... 16
The User Experience .... 16
Deployment and Administration .... 17
Planning your deployment .... 18
Deploying the Firebox SSL VPN Gateway in the Network DMZ .... 18
Deploying the Firebox SSL VPN Gateway in a Secure Network .... 18
Planning for Security with the Firebox SSL VPN Gateway .... 19
Configuring Secure Certificate Management .... 19
Authentication Support .... 19
Deploying Additional Appliances for Load Balancing and Failover .... 20
Installing the Firebox SSL VPN Gateway for the First Time .... 20
Getting Ready to Install the Firebox SSL VPN Gateway .... 20
Setting Up the Firebox SSL VPN Gateway Hardware .... 21
Configuring TCP/IP Settings for the Firebox SSL VPN Gateway .... 21
Redirecting Connections on Port 80 to a Secure Port .... 24
Using the Firebox SSL VPN Gateway .... 24
The Firebox SSL VPN Gateway operates as follows: .... 24
Starting the Secure Access Client .... 25
Enabling Single Sign-On Operation for the Secure Access Client .... 25
Establishing the Secure Tunnel .... 26
Tunneling Destination Private Address Traffic over SSL or TLS .... 26
Operation through Firewalls and Proxies .... 26
Terminating the Secure Tunnel and Returning Packets to the Client .... 27
Using Kiosk Mode .... 28
Connecting to a Server Load Balancer .... 28

CHAPTER 3 Configuring Basic Settings .... 31
Firebox SSL VPN Gateway Administration Desktop .... 32
To open the Administration Portal and Administrative Desktop .... 32
Using the Administration Portal .... 32
Downloads Tab .... 32
Admin Users Tab .... 33
Logging Tab .... 33
Maintenance Tab .... 33
Using the Serial Console .... 33
To open the serial console .... 34
Using the Administration Tool .... 34
To download and install the Administration Tool .... 34
Publishing Settings to Multiple Firebox SSL VPN Gateways .... 35
To publish Firebox SSL VPN Gateway settings .... 35
Product Activation and Licensing .... 35
Upgrading the tunnel and tunnel upgrade license .... 35
Upgrading the LiveSecurity Renewal and Tunnel Renewal license .... 36
Managing Licenses .... 36
To manage licenses on the Firebox SSL VPN Gateway .... 36
To install a license file .... 37
Information about Your Licenses .... 37
Testing Your License Installation .... 37
Blocking External Access to the Administration Portal .... 38
To block external access to the Administration Portal .... 38
Using Portal Pages .... 38
Using the Default Portal Page .... 38
Downloading and Working with Portal Page Templates .... 39
To download the portal page templates to your local computer .... 40
To work with the templates for Windows and Linux users .... 40
Using the ActiveX Control .... 40
Installing Custom Portal Files on the Firebox SSL VPN Gateway .... 40
Enabling Portal Page Authentication .... 41
To enable portal page authentication .... 41
Linking to Clients from Your Web Site .... 41
Multiple Log On Options using the Portal Page .... 42
Pre-Authentication Policy Portal Page .... 42
Double-source Authentication Portal Page .... 43
Connecting Using a Web Address .... 43
Connecting Using Secure Access Client .... 43
Saving and Restoring the Configuration .... 44
To save the Firebox SSL VPN Gateway configuration .... 44
To restore a saved configuration .... 44
Upgrading the Firebox SSL VPN Gateway Software .... 44
To upgrade the Firebox SSL VPN Gateway .... 44
Restarting the Firebox SSL VPN Gateway .... 45
To restart the Firebox SSL VPN Gateway .... 45
Shutting Down the Firebox SSL VPN Gateway .... 45
To shut down the Firebox SSL VPN Gateway .... 45
Firebox SSL VPN Gateway System Date and Time .... 45
To change the system date and time .... 46
Network Time Protocol .... 46
Allowing ICMP traffic .... 46
To enable ICMP traffic .... 46

CHAPTER 4 Configuring Firebox SSL VPN Gateway Network Connections .... 47
Configuring Network Information .... 47
General Networking .... 48
Name Service Providers .... 50
To enable split DNS .... 50
To edit the HOSTS file .... 50
Dynamic and Static Routing .... 51
Configuring Network Routing .... 51
Configuring Dynamic Routing .... 52
Enabling RIP Authentication for Dynamic Routing .... 52
Changing from Dynamic Routing to Static Routing .... 53
Configuring a Static Route .... 53
Static Route Example .... 54
Configuring Firebox SSL VPN Gateway Failover .... 55
To specify Firebox SSL VPN Gateway failover .... 55
Configuring Internal Failover .... 55
Controlling Network Access .... 56
Configuring Network Access .... 56
Specifying Accessible Networks .... 57
Enabling Split Tunneling .... 57
To enable split tunneling .... 58
Configuring User Groups .... 58
Denying Access to Groups without an ACL .... 58
To deny access to user groups without an ACL .... 59
Improving Voice over IP Connections .... 59
Enabling Improving Voice over IP Connections .... 59
To improve latency for UDP traffic .... 60

CHAPTER 5 Configuring Authentication and Authorization .... 61
Configuring Authentication and Authorization .... 61
Configuring Authentication without Authorization .... 63
The Default Realm .... 63
Using a Local User List for Authentication .... 63
Configuring Local Users .... 64
Adding Users to Multiple Groups .... 64
Changing Password for Users .... 64
Using LDAP Authorization with Local Authentication .... 65
Changing the Authentication Type of the Default Realm .... 65
Configuring the Default Realm .... 65
Creating Additional Realms .... 66
Removing Realms .... 67
Using SafeWord for Authentication .... 67
Configuring Secure Computing SafeWord Authentication .... 67
Configuring SafeWord Settings on the Access Gateway .... 67
To disable Firebox SSL VPN Gateway authentication .... 68
SafeWord PremierAccess Authorization .... 68
Using SafeWord for Citrix or SafeWord RemoteAccess for Authentication .... 68
To configure the IAS RADIUS realm .... 69
Using RADIUS Servers for Authentication and Authorization .... 69
To configure Microsoft Internet Authentication Service for Windows 2000 Server .... 70
To specify RADIUS server authentication .... 72
To configure RADIUS authorization .... 72
Choosing RADIUS Authentication Protocols .... 72
Using LDAP Servers for Authentication and Authorization .... 73
LDAP authentication .... 73
To configure LDAP authentication .... 74
LDAP Authorization .... 75
Group memberships from group objects working evaluations .... 76
Group memberships from group objects non-working evaluations .... 76
LDAP authorization group attribute fields .... 76
To configure LDAP authentication .... 76
To configure LDAP authorization .... 77
Using certificates for secure LDAP connections .... 78
Determining Attributes in your LDAP Directory .... 78
Using RSA SecurID for Authentication .... 79
To generate a sdconf.rec file for the Firebox SSL VPN Gateway .... 80
Enable RSA SecurID authentication for the Firebox SSL VPN Gateway .... 81
Configuring RSA Settings for a Cluster .... 82
Resetting the node secret .... 82
Configuring Gemalto Protiva Authentication .... 82
Configuring NTLM Authentication and Authorization .... 83
Configuring NTLM Authorization .... 84
Configuring Authentication to use One-Time Passwords .... 84
Configuring Double-Source Authentication .... 85
To create and configure a double-source authentication realm .... 85
Changing Password Labels .... 86

CHAPTER 6 Adding and Configuring Local Users and User Groups .... 87
Adding Local Users .... 87
To create a user on the Firebox SSL VPN Gateway .... 87
To delete a user from the Firebox SSL VPN Gateway .... 88
User Group Overview .... 88
Creating User Groups .... 89
To create a local user group .... 89
To remove a user group .... 89
Configuring Properties for a User Group .... 90
Default group properties .... 90
Forcing Users to Log on Again .... 90
Configuring Secure Access Client for single sign-on .... 91
Enabling domain logon scripts .... 91
Enabling session time-out .... 92
Configuring Web Session Time-Outs .... 93
Disabling Desktop Sharing .... 93
Setting Application Options .... 93
Enabling Split DNS .... 94
Enabling IP Pooling .... 94
Choosing a portal page for a group .... 95
Client certificate criteria configuration .... 95
Global policies .... 96
Configuring Resources for a User Group .... 96
Adding Users to Multiple Groups .... 98
Allowing and denying network resources and application policies .... 98
Defining network resources .... 99
Allowing and Denying Network Resources and Application Policies .... 100
Application policies .... 101
Configuring file share resources .... 102
Configuring kiosk mode .... 103
End point resources and policies .... 104
Configuring an end point policy for a group .... 105
Setting the Priority of Groups .... 106
Configuring Pre-Authentication Policies .... 107

CHAPTER 7 Creating and Installing Secure Certificates .... 109
Generating a Secure Certificate for the Firebox SSL VPN Gateway .... 109
Digital Certificates and Firebox SSL VPN Gateway Operation .... 110
Overview of the Certificate Signing Request .... 110
Password-Protected Private Keys .... 110
Creating a Certificate Signing Request .... 111
Installing a Certificate and Private Key from a Windows Computer .... 112
Installing Root Certificates on the Firebox SSL VPN Gateway .... 112
Installing Multiple Root Certificates .... 113
Creating Root Certificates Using a Command Prompt .... 113
Resetting the Certificate to the Default Setting .... 113
Client Certificates .... 114
To require client certificates .... 114
Installing Root Certificates .... 115
Obtaining a Root Certificate from a Certificate Authority .... 115
Installing Root Certificates on a Client Device .... 115
Selecting an Encryption Type for Client Connections .... 115
Requiring Certificates from Internal Connections .... 116
To require server certificates for internal client connections .... 116
Wildcard Certificates .... 116

CHAPTER 8 Working with Client Connections .... 117
System Requirements .... 117
Operating Systems .... 117
Web Browsers .... 117
Using the Access Portal .... 118
To connect using the default portal page .... 118
Connecting from a Private Computer .... 119
Tunneling Private Network Traffic over Secure Connections .... 120
Operation through Firewalls and Proxies .... 121
Terminating the Secure Tunnel and Returning Packets to the Client .... 121
ActiveX Helper .... 122
Using the Secure Access Client Window .... 122
Configuring Proxy Servers for the Secure Access Client .... 125
Configuring Secure Access Client to Work with Non-Administrative Users .... 126
Connecting from a Public Computer .... 126
Connections Using Kiosk Mode .... 126
Creating a Kiosk Mode Resource .... 127
Working with File Share Resources .... 128
Client Applications .... 129
To enable client applications .... 129
Firefox Web Browser .... 130
Remote Desktop client .... 130
SSH Client .... 130
Telnet 3270 Emulator Client .... 131
VNC Client .... 131
Gaim Instant Messaging .... 131
Supporting Secure Access Client .... 132
Managing Client Connections .... 133
Connection handling .... 133
Closing a connection to a resource .... 134
Disabling and enabling a user .... 134
Configuring Authentication Requirements after Network Interruption .... 134

APPENDIX A Firebox SSL VPN Gateway Monitoring and Troubleshooting .... 137
Viewing and Downloading System Message Logs .... 137
To view and filter the system log .... 137
Forwarding System Messages to a Syslog Server .... 138
To forward Firebox SSL VPN Gateway system messages to a syslog server .... 138
Viewing the W3C-Formatted Request Log .... 138
Enabling and Viewing SNMP Logs .... 139
To enable logging of SNMP messages .... 139
Multi Router Traffic Grapher Example .... 139
Viewing System Statistics .... 140
Monitoring Firebox SSL VPN Gateway Operations .... 140
To open the Firebox SSL VPN Gateway Administration Desktop .... 141
Recovering from a Failure of the Firebox SSL VPN Gateway .... 141
Reinstalling v 4.9 application software .... 142
Backing up your configuration settings .... 142
Upgrading to SSL v 5.0 .... 142
Upgrading to SSL v 5.5 .... 142
Launching the v 5.5 Administration Tool .... 143
Troubleshooting .... 143
Troubleshooting the Web Interface .... 143
Other Issues .... 144

APPENDIX B Using Firewalls with Firebox SSL VPN Gateway .... 149
BlackICE PC Protection .... 150
McAfee Personal Firewall Plus .... 150
Norton Personal Firewall .... 151
Sygate Personal Firewall (Free and Pro Versions) .... 151
Tiny Personal Firewall .... 151
ZoneAlarm Pro .... 152

APPENDIX C Installing Windows Certificates .... 153
To install Cygwin .... 153
Unencrypting the Private Key .... 154
To unencrypt the private key .... 154
Converting to a PEM-Formatted Certificate .... 155
To convert the certificate from PKCS7 to PEM format .... 155
Combining the Private Key with the Signed Certificate .... 155
To combine the private key with the signed certificate .... 156
Generating Trusted Certificates for Multiple Levels .... 156
To generate trusted certificates for multiple levels .... 156

APPENDIX D Examples of Configuring Network Access .... 159
Scenario 1: Configuring LDAP Authentication and Authorization .... 160
Preparing for the LDAP Authentication and Authorization Configuration .... 160
Resources .... 163
Scenario 2: Creating Guest Accounts Using the Local Users List .... 169
Creating a Guest User Authentication Realm .... 170
Creating Local Users .... 171
Creating and Assigning a Network Resource to the Default User Group .... 171
Scenario 3: Configuring Local Authorization for Local Users .... 172

APPENDIX E Legal and Copyright Information .... 173

Size: 2 MB
Pages: 195
Language: English