Filter
Top Products
Scenario 1: Configuring LDAP Authentication and Authorization
164 Firebox SSL VPN Gateway
This task includes these five procedures:
• Configuring accessible networks
• Creating an LDAP authentication realm
• Creating the appropriate groups on the Firebox SSL VPN Gateway
• Creating and assigning network resources to the user groups
• Creating an application policy for the email server
Each of these procedures is discussed in detail below.
Configuring Accessible Networks
Configuring accessible networks is the first of five procedures the administrator performs to
configure access to the internal network resources in the configuring LDAP authentication and
authorization scenario.
In this procedure, the administrator specifies the internal networks that contain the network
resources that users must access using the Secure Access Client.
In the previous task, the administrator determined that the remote Sales and Engineering users
must have access to the resources on these specific internal networks:
• The Web conference server, file servers, and email server residing in the network 10.10.0.0/24
• The server containing the Sales Web application residing in the network 10.60.10.0/24
The administrator specifies these networks as accessible networks. Specifying the accessible
networks enables the Secure Access Client to support split tunneling.
When a user logs on to the Firebox SSL VPN Gateway, the Firebox SSL VPN Gateway sends this list of
networks to the Secure Access Client on the user's computer. The Secure Access Client uses this list
of networks as a filter to determine which outbound packets should be sent to the Firebox SSL VPN
Gateway and which should be sent elsewhere. The Secure Access Client transmits only the packets
bound for the Firebox SSL VPN Gateway through the secure tunnel to the Firebox SSL VPN Gateway.
Note
If you do not want to support split tunneling, you do not need to configure accessible networks.
To configure accessible networks
1 Open the Administration Tool.
2 Click the Global Cluster Policies tab.
3 If necessary, select Enable split tunneling.
4 In the Accessible networks box, enter all of the internal networks that the Firebox SSL VPN
Gateway must access. Separate each network entered with a space or a carriage return. In this
example access scenario, the administrator would make these entries:
10.10.0.0/24
10.60.10.0/24
5 Select the Enable logon page authentication check box. This setting requires users to
authenticate when accessing the portal page of the Firebox SSL VPN Gateway with a Web browser.
6 To simplify this example, assume the administrator clears all other check boxes that appear on the
Global Cluster Policies tab.
For more information about split tunneling, see “Enabling Split Tunneling” on page 57.
For more information about the Deny Access without ACL setting, see “Denying Access to Groups
without an ACL” on page 58.