WatchGuard Technologies SSL VPN Water Heater User Manual


 
Administration Guide 43
Connecting Using a Web Address
tication policy check fails, the users receive an error message instructing them to contact their system
administrator.
For more information about pre-authentication policies, see “Global policies” on page 96.
Double-source Authentication Portal Page
When the Firebox SSL VPN Gateway is configured to require users to log on using two types of authenti-
cation, such as LDAP and RSA SecurID, they are directed automatically to the Web page or Secure Access
Client dialog box and users enter their user name and passwords.
Note
When a user logs on using double authentication, the authentication is checked in the opposite order
that is configured in the realm.For example, if the primary authentication type is LDAP and the
secondary is RSA SecurID, the SecureID credentials are checked first, and then the LDAP credentials. If
the user log on fails the first authentication, the second authentication is not checked.
For more information about double-source authentication, see “Configuring Double-Source
Authentication” on page 85.
Connecting Using a Web Address
Users can connect to the Firebox SSL VPN Gateway using a Web browser by typing the Web address,
such as https://vpn.mycompany.com. When the IP address or FQDN of the Firebox SSL VPN Gateway is
entered and double-source authentication is configured, users are routed automatically to the logon
portal page as shown below.
Double-source authentication portal page
After entering the user name, the user then enters the passwords for each authentication type. After the
credentials are entered, the specified portal page appears and the user completes the connection from
this portal page. The connection can be either full access or kiosk mode.
The double-source authentication portal page cannot be customized.
Connecting Using Secure Access Client
Users can connect to the Firebox SSL VPN Gateway using the Secure Access Client that is downloaded
and installed on their computer. When double-source authentication is configured, users see a dialog
box that requires their user name and passwords for each authentication type. After the users enter the
credentials, they click Connect.