Watchguard SSL User guide

WatchGuard SSL 100

User Guide

WatchGuard SSL Web UI v3.0

WatchGuard SSL 100

ii WatchGuard SSL 100

Notice to Users

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are

fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means,

electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revision: June 26, 2009

Copyright, Trademark, and Patent Information

herein, if any, are the property of their respective owners.

This product is for indoor use only.

WatchGuard, the WatchGuard logo, LiveSecurity, and any other mark listed as a trademark in the “Terms of Use” portion of

the WatchGuard Web site that is used herein are either registered trademarks or trademarks of WatchGuard Technologies,

Inc. and/or its subsidiaries in the United States and/or other countries. All other trademarks are the property of their

respective owners.

Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT®, Windows® 2000, Windows® XP, and Windows®

Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and

“OpenVPN” is a trademark of OpenVPN Solutions LLC.

Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide,

available online:

http://www.watchguard.com/help/documentation/

User Guide iii

Table of Contents

Chapter 1 Getting Started .......................................................................................................................... 1

Before you begin.................................................................................................................................................... 1

Use the Quick Setup Wizard to set up a basic configuration ................................................................. 2

Next steps after installation................................................................................................................................ 3

Get a feature key..................................................................................................................................................... 5

Restore the factory default settings ................................................................................................................ 6

About the WatchGuard SSL Web UI ................................................................................................................ 7

Customize your Application Portal.................................................................................................................. 9

Customize and brand the WatchGuard SSL Web UI and Application Portal............................... 9

Add the Access Client installer link in the Application Portal ........................................................ 19

About WatchGuard LiveSecurity Service.................................................................................................... 20

Support Information .......................................................................................................................................... 22

Chapter 2 Monitor System ....................................................................................................................... 23

About Monitor System ...................................................................................................................................... 23

About the System Status page....................................................................................................................... 25

System overview............................................................................................................................................. 26

Network status ................................................................................................................................................ 28

Authentication status ................................................................................................................................... 29

Events status .................................................................................................................................................... 30

Device status .................................................................................................................................................... 31

Network tools .................................................................................................................................................. 32

Manage Settings............................................................................................................................................. 34

View administrator activities...................................................................................................................... 35

About user sessions............................................................................................................................................ 36

Manage search and display settings ....................................................................................................... 39

About Alerts .......................................................................................................................................................... 39

Add an alert ...................................................................................................................................................... 40

Edit and delete alerts .................................................................................................................................... 44

Manage global alert settings...................................................................................................................... 45

Manage Logging ................................................................................................................................................. 48

Manage global logging settings............................................................................................................... 51

Use Log Viewer..................................................................................................................................................... 53

About Reports ...................................................................................................................................................... 55

Abolishment report ....................................................................................................................................... 56

Assessment report ......................................................................................................................................... 57

iv WatchGuard SSL 100

Session Trend report ..................................................................................................................................... 57

Access report.................................................................................................................................................... 58

Authentication report................................................................................................................................... 58

Authorization report ..................................................................................................................................... 59

Account Statistics report ............................................................................................................................. 59

Communication report................................................................................................................................. 60

Performance report ....................................................................................................................................... 60

Tunnel report ................................................................................................................................................... 61

System Report ................................................................................................................................................. 61

Alerts report ..................................................................................................................................................... 61

Complete report ............................................................................................................................................. 62

Manage report database settings ............................................................................................................ 62

About the diagnostics file ................................................................................................................................ 63

About the feature key........................................................................................................................................ 64

Upload a new feature key............................................................................................................................ 66

Live Update ........................................................................................................................................................... 67

Chapter 3 User Management ................................................................................................................... 69

About User Management................................................................................................................................. 69

User accounts .................................................................................................................................................. 70

User groups ...................................................................................................................................................... 70

External Directory Service ........................................................................................................................... 70

Self Service........................................................................................................................................................ 70

About user accounts .......................................................................................................................................... 71

Manually add a user account ..................................................................................................................... 72

Import user accounts .................................................................................................................................... 74

Link to a user account................................................................................................................................... 75

Repair a linked user account ...................................................................................................................... 75

Edit user accounts .......................................................................................................................................... 76

Manage Global User Account Settings................................................................................................... 77

About user groups.............................................................................................................................................. 80

Add a user group............................................................................................................................................ 80

Search, edit, or delete user groups .......................................................................................................... 81

About the External Directory Service........................................................................................................... 83

Add an External Directory Service location .......................................................................................... 83

Edit an External Directory Service Location.......................................................................................... 86

About Self Service............................................................................................................................................... 88

Manage Self Service Settings ..................................................................................................................... 89

Modify System Challenges.......................................................................................................................... 91

Chapter 4 Resource Access ...................................................................................................................... 93

About Resource Access..................................................................................................................................... 93

Resources .......................................................................................................................................................... 93

Client firewall ................................................................................................................................................... 93

Access rules ...................................................................................................................................................... 93

Application Portal........................................................................................................................................... 94

SSO domains .................................................................................................................................................... 94

About Resources ................................................................................................................................................. 94

Manage Standard Resources...................................................................................................................... 94

Manage Tunnel Resource Hosts................................................................................................................ 99

Manage Tunnel Sets.................................................................................................................................... 103

Manage Global Tunnel Set Settings ...................................................................................................... 110

Manage Tunnel Resource Networks................................................................................................

...... 112

Manage Web Resource Hosts .................................................................................................................. 114

User Guide v

Manage Global Resource Settings ......................................................................................................... 120

About client firewalls ....................................................................................................................................... 128

Manage Internet Firewall Configurations............................................................................................ 130

About access rules ............................................................................................................................................ 134

Manage Access Rules.................................................................................................................................. 134

Manage Global Access Rules.................................................................................................................... 138

About the Application Portal........................................................................................................................ 139

Manage Application Portal Items........................................................................................................... 140

About SSO domains ......................................................................................................................................... 142

Manage SSO Domains ................................................................................................................................ 143

Chapter 5 Manage System ..................................................................................................................... 147

About Manage System.................................................................................................................................... 147

About authentication methods ................................................................................................................... 149

About WatchGuard SSL authentication methods ............................................................................ 150

About other authentication methods .................................................................................................. 151

Add an authentication method .............................................................................................................. 152

Manage an Authentication Method ...................................................................................................... 154

Manage global authentication service settings................................................................................ 161

Manage RADIUS configuration ............................................................................................................... 166

About certificates.............................................................................................................................................. 171

Add a Certificate Authority ....................................................................................................................... 171

Add a server certificate............................................................................................................................... 174

Edit or delete a Server Certificate ........................................................................................................... 175

Manage client certificate settings .......................................................................................................... 176

About Abolishment.......................................................................................................................................... 176

Configure General Settings ...................................................................................................................... 178

Configure Cache Cleaner settings.......................................................................................................... 179

Configure Advanced settings .................................................................................................................. 180

About Assessment ............................................................................................................................................ 181

General Settings............................................................................................................................................ 183

Advanced Settings....................................................................................................................................... 184

About notification settings............................................................................................................................ 186

Configure the email notification channel............................................................................................ 186

Configure the SMS notification channel.............................................................................................. 187

Add or remove SMS plug-ins ................................................................................................................... 194

Manage Client Definitions ............................................................................................................................. 195

Add a client definition ................................................................................................................................ 196

Edit or delete a client definition.............................................................................................................. 197

About delegated management ................................................................................................................... 198

About administrative privileges.............................................................................................................. 199

Manage administrative roles.................................................................................................................... 200

About the Administration Service............................................................................................................... 203

Manage Global Service Settings ............................................................................................................. 204

Restart the Administration service......................................................................................................... 206

Manage Device settings ................................................................................................................................. 207

General settings for the application portal......................................................................................... 208

Performance settings.................................................................................................................................. 210

Cipher Suite settings ..........................................................................................................

......................... 212

Advanced settings ....................................................................................................................................... 214

Update the Device ............................................................................................................................................ 216

Update the OS ............................................................................................................................................... 216

Configure the system time and set the time zone ........................................................................... 217

Restore factory default settings .............................................................................................................. 218

vi WatchGuard SSL 100

Reinitialize the Local User Database...................................................................................................... 218

Reboot the device ........................................................................................................................................ 219

Network Configuration ................................................................................................................................... 219

Configure network routes ......................................................................................................................... 221

Restore a saved configuration...................................................................................................................... 222

Manage saved configuration settings .................................................................................................. 223

Import or export the configuration ............................................................................................................ 224

Chapter 6 Access Client .......................................................................................................................... 227

About the Access Client.................................................................................................................................. 227

Launch the Access Client........................................................................................................................... 227

About the Access Client menu..................................................................................................................... 228

Edit Access Client preferences................................................................................................................. 229

Manage Access Client favorites............................................................................................................... 231

Check Access Client status........................................................................................................................ 233

End your SSL VPN session .............................................................................................................................. 233

Install the Access Client .................................................................................................................................. 234

Use ESSP to link directly to a resource....................................................................................................... 236

User Guide 1

1

Getting Started

Before you begin

Before you install your WatchGuard SSL device, make sure you verify the basic components and get a feature

key, as described in the subsequent sections.

Verify basic components

Make sure that you have these items:

 A computer with a 10/100BaseT Ethernet network interface card and a web browser installed

 WatchGuard SSL 100 device

 Ethernet cable

 Power cable

Get a WatchGuard device feature key

To enable all of the features on your WatchGuard SSL device, you must activate the device on the WatchGuard

LiveSecurity web site and retrieve your feature key file. You can upload your feature key in the Quick Setup

Wizard if you register your device before you start the wizard. Or, you can complete the wizard without a

feature key. The SSL device only allows one authenticated user until you upload a feature key to the device.

For instructions, see “Get a feature key” on page 5.

Getting Started

2 WatchGuard SSL 100

Use the Quick Setup Wizard to set up a basic

configuration

The Quick Setup Wizard helps you set up a basic network configuration for your WatchGuard SSL 100. Use the

Quick Setup Wizard to set up the device for the first time, or after you reset the device to factory default

settings.

Before you start the Quick Setup Wizard, make sure you:

 Register your WatchGuard SSL 100 with LiveSecurity Service

 Save a copy of your feature key file from the LiveSecurity web site to your computer and extract the

feature key from the compressed file

For more information, see “Getting Started” on page 1.

Run the Quick Setup Wizard

1. Make sure your computer is configured to use a static IP address on the 192.168.111.0/24 network.

2. Connect the Ethernet interface on your computer to Eth1 on the WatchGuard SSL device.

3. Plug the power cord into the WatchGuard device power input and into a power source.

4. Power on the WatchGuard SSL 100.

5. Open a web browser and type:

https://192.168.111.1:8443

The Quick Setup Wizard begins.

6. Upload your feature key file, if you have it.

If you do not upload a feature key file, only one authenticated user can get access to the device. If you do not have

a feature key, you can continue with the wizard, and then upload a feature key from the Web UI after you finish

the wizard.

7. Set the time zone and system time settings.

8. Create the Super Administrator credentials. These credentials do not have to correspond to an existing

user in a directory service.

The Super Administrator password must meet these password policy requirements:

 The password must be at least six characters long

 The password must include characters from at least three of the following four categories:

o English uppercase characters (from A through Z)

o English lowercase characters (from a through z)

o Base-10 digits (from 0 through 9)

o Non-alphanumeric characters (for example: !, $, #, or %)

9. Select the network configuration mode. The choices are:

Single Interface mode (default)

Select this mode if you want to connect the WatchGuard SSL device to one network DMZ. In

single interface mode, only the Eth0 interface is active.

The default IP address on the WatchGuard SSL 100 is 192.168.111.1. Do not use 192.168.111.1 on

your own computer.

Because the WatchGuard SSL 100 uses a self-signed certificate, you may see a certificate warning in

your browser. It is safe to ignore the warning (Internet Explorer) or add a certificate exception

(Mozilla Firefox).

User Guide 3

Getting Started

Dual Interface mode

Select this mode if you want to connect the WatchGuard SSL device to two separate networks (for

example, two different DMZ networks). In dual interface mode, both the Eth0 and Eth1 interfaces

are active.

10. Type the network address information for each interface you enabled.

After you complete the wizard, the device restarts with the settings you configured.

Connect the WatchGuard SSL device to your network

After you complete the Quick Setup Wizard, connect the WatchGuard SSL device to your network.

1. Connect the WatchGuard SSL device to your network. If you selected single interface mode, connect

the WatchGuard SSL 100 to your network with Eth0. If you selected dual interface mode, connect the

WatchGuard SSL 100 to your network with both Eth0 and Eth1.

2. Reset the IP address on your computer back to its original IP address and connect your computer to

the network.

You can now use the WatchGuard SSL Web UI to continue configuration, management, and monitoring tasks.

For more information, see “Next steps after installation” on page 3.

Next steps after installation

After you complete basic configuration you can use the WatchGuard SSL Web UI to continue configuration,

management, and monitoring tasks. Before you get started, make sure that you have:

 Connected the WatchGuard SSL device to your network

 Connected your computer to the network

 Reset the IP address of your computer

Connect to the WatchGuard SSL Web UI

The interface that you use to connect to the WatchGuard SSL Web UI is different for each network type. The

WatchGuard SSL Web UI uses port 8443 by default for both network types.

If you configured your device in single interface mode, you must connect to the Eth0 interface for

management.

1. Connect your computer to the Eth0 network.

2. In a web browser, type

https://<Eth0 IP address>:8443.

3. Use the Super Administrator credentials you configured in the Quick Setup Wizard to log in.

If you configured your device in dual interface mode, you must connect to the Eth1 interface for management.

1. Connect your computer to the Eth1 network.

2. In a web browser, type

https://<Eth1 IP address>:8443.

3. Use the Super Administrator credentials you configured in the Quick Setup Wizard to log in.

Getting Started

4 WatchGuard SSL 100

Upload the feature key file

If you did not upload your feature key file when you ran the Quick Setup Wizard, we recommend that you

upload it now.

1. Get your feature key file from LiveSecurity.

For instructions, see “Get a feature key” on page 5.

2. In the WatchGuard SSL Web UI, select Monitor System > Feature Key to upload the feature key file

to the device.

For more information, see “Upload a new feature key” on page 66.

Download and install the latest software

A newer version of operating system software for your WatchGuard SSL 100 could be available. To update

your software:

1. Go to www.watchguard.com/archive/softwarecenter.asp

.

2. Find and download the latest version of WatchGuard SSL OS.

3. From the Web UI, go to Manage System > Device Update.

User Guide 5

Getting Started

Get a feature key

A feature key is a file that enables licensed features on your WatchGuard SSL device. You must get a feature

key when you first install the device, and when you renew the LiveSecurity service.

To activate your device and get the device feature key:

1. Open a web browser and go to https://www.watchguard.com/activate

.

If you have not already logged in to LiveSecurity, the LiveSecurity Log In page appears.

2. Type your LiveSecurity user name and password.

The Activate Products page appears.

3. Type the serial number of the device, including the hyphens.

4. Follow the instructions to register your device.

5. Save the feature key file to a location on your computer and extract the feature key from the

compressed file.

After you download the feature key, you can use the Quick Setup Wizard or the Web UI to browse to the

location of the feature key on your computer and upload it to the WatchGuard SSL device.

For more information, see:

 “Use the Quick Setup Wizard to set up a basic configuration” on page 2

 “Upload a new feature key” on page 66

If you are new to WatchGuard, follow the instructions to create a LiveSecurity profile.

Getting Started

6 WatchGuard SSL 100

Restore the factory default settings

There are two ways to reset your WatchGuard SSL device to the factory default settings:

Use the WatchGuard SSL Web UI

If you can log in to the WatchGuard SSL Web UI, you can restore the device to factory default settings

from the Web UI. This is the easiest method to restore the factory default settings.

For more information, see “Restore factory default settings” on page 218.

Use recovery mode

If you cannot log into the WatchGuard SSL Web UI, you can start the device in recovery mode. When

the device is in recovery mode, you can reinstall the software image and restart the device with

factory default settings.

Before you begin

Before you start the recovery process, you must download and save a copy of the WatchGuard SSL OS on your

computer. The file has an extension of

.sysa-dl. You can download the file from the Software Downloads

section of the WatchGuard web site at http://www.watchguard.com/archive/softwarecenter.asp

.

Start the WatchGuard SSL device in recovery mode

1. Turn the WatchGuard SSL power off.

2. Press and hold the up arrow button on the front panel while you turn the power on.

3. Continue to hold the up arrow button until you see the words “Executing SysB” on the LCD display.

4. When you see the words "Recovery Mode Ready" on the LCD display, the device is in recovery mode.

In recovery mode, the Eth1 address of the device is set to 10.0.1.1.

Upload a new software image

Use these steps to upload a new software image to your WatchGuard SSL device.

1. Connect an Ethernet network cable between your computer and the Eth1 interface on the

WatchGuard SSL device.

2. Change the IP address of your computer to 10.0.1.2 (or to another IP address on the 10.0.1.0 network).

3. Open the command line interface of your computer.

For example, select All Programs > Accessories > Command Prompt from the Windows Start Menu

if you use Windows XP.

4. Change your working directory to the location where you saved the

.sysa_dl file.

5. At the command prompt, type

ftp 10.0.1.1 to connect to your WatchGuard SSL.

6. When requested, type

admin for both the user and the password.

7. Type

bin to change the transfer type to binary mode.

8. Type

put <filename>. Use the filename of the .sysa-dl file you downloaded from the WatchGuard

Software Downloads page.

The upload process can take several minutes to complete. Do not close the window or type more commands until

another command prompt appears.

9. Type quit to close the FTP connection. Exit the command line interface program.

You must use a command line FTP program to upload the WatchGuard SSL OS software image.

Many common FTP commands are disabled on the WatchGuard SSL device for security reasons. For

example, you cannot change directories (cd) or show the remote working directory (pwd). Other FTP

programs rely on these commands to show you a list of files in the remote directory, and do not

operate correctly when these commands are disabled.

User Guide 7

Getting Started

After the software image upload completes, the WatchGuard SSL device installs the software and resets the

configuration to the default settings. When the reset process completes, the device automatically restarts.

The installation and reset process can take up to 10 minutes. Do not turn off the device during this process.

Next Steps

After you restore the software image and the device restarts with factory default settings, you can use the

Quick Setup Wizard to set up your configuration again.

For more information, see ”Use the Quick Setup Wizard to set up a basic configuration” on page 2.

About the WatchGuard SSL Web UI

The WatchGuard SSL Web UI is a web-based administration application with a task-oriented approach. You

can use the Web UI to monitor your WatchGuard SSL system, add user accounts, manage resource access, and

manage your system settings.

The WatchGuard SSL Web UI has two levels of menus:

Main menu

Includes the Monitor System, User Management, Resource Access, and Manage System sections.

Left menu

Includes options to manage your configuration in the sections of the main menu.

Context-sensitive online help is integrated with the WatchGuard SSL Web UI. Click the question mark icon on

any page to get help for that task.

WatchGuard SSL Web UI Wizards

All common tasks use wizards to guide you through the steps to complete your task. This includes procedures

to add user accounts, resources, and many others.

 To start a wizard, click an Add button.

 To cancel a wizard at any time, select a different menu item or close your browser window or tab.

 To return to the previous page in a wizard, click Previous.

 To save your changes, click Finish Wizard or Save.

Publish your configuration

After you add or edit a setting in your configuration, you must save the changes to the WatchGuard SSL device

and services before they can take effect. The Publish button changes from white to blue when you make

changes that must be saved.

To save your configuration changes to the system:

Click Publish at the top of the Web UI.

You can later review or restore a configuration.

For more information about configurations, see ”Restore a saved configuration” on page 222.

After the reboot, the IP address of the Eth1 interface changes to 192.168.111.1. You must change the

IP address on your computer before you launch the Quick Setup Wizard.

Getting Started

8 WatchGuard SSL 100

System Messages

When you use a wizard or make a change to your configuration, feedback messages appear in the

WatchGuard SSL Web UI at the top of the current page. If the message text is red, you have made an error in

your configuration selection. If the message text is green, your configuration change was successful.

Use the File Browser

You can use the WatchGuard SSL Web UI file browser to find files on your WatchGuard SSL device. This is

helpful when you want to find a file name or path to include in your settings, for example with a script.

To use the file browser:

1. At the top of the Web UI, click Browse.

The file browser opens in a separate window or tab.

2. Select a folder from the navigation tree on the left.

3. To change a current file, select a file to edit, download, delete, or rename.

 To edit the file, click . Make changes to the file contents, then click Save.

 To download the file, click . Select to Open or Save the file.

 To delete the file, click . In the Warning dialog box, click OK.

 To rename the file, click . In the Rename File field, type a new name. Click Rename.

4. To upload a new file, adjacent to the Upload File field, click Browse and select a file. Click Upload.

User Guide 9

Getting Started

Customize your Application Portal

You can customize your WatchGuard SSL Web UI and WatchGuard SSL Application Portal with your corporate

brand. You can also add a link to the Access Client installer in your Application Portal.

For more information, see:

 ”Customize and brand the WatchGuard SSL Web UI and Application Portal” on page 9

 ”Add the Access Client installer link in the Application Portal” on page 19

Customize and brand the WatchGuard SSL Web UI and Application Portal

You can customize and apply your own corporate brand to the WatchGuard SSL Web UI and Application Portal

to fit the needs of your organization.

You can apply your corporate brand to these parts of the WatchGuard SSL Web UI:

 WatchGuard SSL Web UI

 WatchGuard SSL Application Portal Authentication page

 WatchGuard SSL Application Portal page

 WatchGuard SSL Application Portal Online Help

To make changes to the WatchGuard SSL Web UI files to apply your own corporate brand, you add a new set

of files with the same names as the files in the original location to a folder specifically created for the files with

the new brands. The files in this custom folder override the files in the original location. After you finish all your

changes, make sure you publish your changes.

Apply your brand to text files

1. At the top of the WatchGuard SSL Web UI, click Browse.

The File Browser appears.

2. Select the access-point\built-in-files\wwwroot\branding\folder.

3. Save the files you want to change to a location on your computer.

4. Update the saved files with your branding changes.

5. In the File Browser, select the

access-point\custom-files\wwwroot\branding\folder.

6. Upload your customized files.

For information about the specific files you can change, see “WatchGuard SSL files to customize and brand”

on page 11.

Do not change the files in the access-point\built-in-files\ directory. Upload

updated versions of these files to the access-point\custom-files\ directory instead.

Getting Started

10 WatchGuard SSL 100

Apply your brand to images, style sheets, and templates

You can customize images, style sheets, and template files. The template files specify the text used on the

Application Portal Authentication page. The heading of each Authentication page is defined by the display

name that you give the authentication method.

Current image files are found in the

access-point\built-in-files\wwwroot\wa\img folder.

All other files are found in the folders in the

access-point\built-in-files\wwwroot\wa directory.

To apply your corporate brand to files:

1. Select the

access-point\built-in-files\wwwroot\wa\ directory.

2. Select the folder in the directory with the files you want to change.

3. Save the files you want to change to a location on your computer.

4. Update the saved files with your branding changes.

5. In the File Browser, select the

access-point\custom-files\wwwroot\wa\directory.

6. Select the folder with the same name as that from which you downloaded the files in the

built-in-

files

directory.

7. Upload your customized files.

Upload all branded files at one time

If you branded many files, you can upload them all at one time in a ZIP file rather than one at a time. Make sure

that the files you updated are in the correct folder that matches the original directory structure.

1. Download the files you want to change from the

access-point\built-in-files\wwwroot

directory.

2. Update the files and add them to a ZIP file with the correct directory structure.

3. In the File Browser, select the

access-point\custom-files\wwwroot folder.

4. Click Browse and select the ZIP file.

5. Click Upload.

The file is automatically unzipped and the files are added to the directory structure from the ZIP file.

Publish your changes

When you have uploaded all the changed files, you must publish your changes before they appear in the Web

UI and Application Portal.

1. Connect to the WatchGuard SSL Web UI.

If you made changes, the Publish button is blue.

2. Click Publish.

Your branding changes appear in the Web UI and Application Portal.

User Guide 11

Getting Started

WatchGuard SSL files to customize and brand

You can copy these files and upload updated versions of these files to customize and apply your own

corporate brand to the WatchGuard SSL Web UI and Application Portal.

Text String Files

These files are in the access-point\built-in-files\wwwroot\branding folder:

authAD.txt

This file contains the heading for the Active Directory authentication page. This text appears on every

Active Directory template. Other authentication methods do not need a branding text file.

authselect.txt

This file contains the heading for the Select Authentication Method page.

authweb.txt

This file contains the name of the WatchGuard SSL Web UI that appears in the JavaScript dialog boxes

to accept ActiveX or Java Applet loader.

company.txt

This file contains the name of the company that appears in the application portal.

company_about_url.txt

This file contains the URL for information about the company.

company_contact_url.txt

This file contains the URL for company contact information.

copyright.txt

This file contains the company copyright notice.

portal.txt

This file contains the name of the Application Portal that appears on the Application Portal Help page.

product.txt

This file contains the name of the product that appears on the title of each page.

tunnel.txt

This file contains the name of the Access Client that appears in the JavaScript dialog boxes to accept

the ActiveX or Java Applet loader.

Authentication page style sheets, images, and template files

The template files specify the text used on the Application Portal Authentication pages. The heading on each

Authentication page is defined by the display name that you give the authentication method in the

WatchGuard SSL Web UI.

The existing files are in the folders in the

access-point\built-in-files\wwwroot\wa\ directory.

Do not change the files in the access-point\built-in-files\ directory. Upload updated

versions of these files to the access-point\custom-files\ directory instead.

Getting Started

12 WatchGuard SSL 100

Make sure you upload your changed files to the folder in the custom-files directory with the same name as

the folder you downloaded it from in the

built-in-files directory.

Application Portal style sheets, images, and template files

You can customize the style sheets (.css files), images, and template files used in the Application Portal and

associated authentication pages. These files are located in these folders:

 access-point\built-in-files\wwwroot\wa\

 access-point\built-in-files\wwwroot\wa\authmech

 access-point\built-in-files\wwwroot\wa\authmech\base

 access-point\built-in-files\wwwroot\wa\img

 access-point\built-in-files\wwwroot\wa\help

Style sheets

You can customize style sheets to change the colors and fonts for the Application Portal, the Application Portal

authentication pages, and the Application Portal Online Help.

To customize Change File name

The WatchGuard SSL Web UI The current skin WebSkin.zip

Graphics on logon pages The background image background_img.gif

Colors and fonts on authentication

pages

The style sheet for authentication

pages

common.css

Text strings or buttons on

authentication pages

The individual template files See the Template files

section

Application Portal logotype The logotype logo.gif

Application Portal resource icons The images [symbol_color].gif

Colors and fonts in the Application

Portal

The Application Portal style sheet access_portal.css

Colors and fonts in the Application

Portal Online Help

The Application Portal Online

Help style sheet

default.css

Contents in the Application Portal

Online Help

The Online Help HTML page access_portal_help.html

Directory Location File Name Description

\built-in-files\wwwroot\wa access_portal.css Controls colors, fonts, and the location and

size of different page objects (for example,

the logotype) in the WatchGuard SSL

Application Portal

(

_menu.html\wml and

_welcome.html\wml)

common.css Controls colors and fonts in the Application

Portal authentication pages

\built-in-files\wwwroot\wa\help default.css Controls colors and fonts in the Application

Portal Online Help

User Guide 13

Getting Started

Images

You can replace or edit images to customize the WatchGuard SSL Web UI skin, the logotype or icons in the

Application Portal, or graphics for the authentication pages. Images are GIF or JPEG format. The

down.jpg and

up.jpg web images can be in JPEG or GIF format. The mask.gif image must be in GIF format (indexed

palette). All three files must have the same dimensions in pixels.

Template files

You can edit template files to customize text strings and buttons on individual authentication pages. The

templates are available as HTML and WML files. Web authentication pages are HTML files and WAP

authentication pages are WML files.

All template files for the WatchGuard SSL Application Portal and associated authentication pages are located

in these folders:



access-point\built-in-files\wwwroot\wa\



access-point\built-in-files\wwwroot\wa\authmech



access-point\built-in-files\wwwroot\wa\authmech\base

Directory Location File Name Description

\built-in-files\wwwroot\wa\img background_img.gif Background image for

authentication pages

logo.gif Logotype

\built-in-files\wwwroot\wa\img\icons (Example)

email_orange.gif

Icons for resources

(applications) in the

Application Portal

\built-in-files\wwwroot\wa\authmech\WebSkin.zip mask.gif The mask that controls

the placement of

buttons and labels in

WatchGuard SSL Web

UI

\built-in-files\wwwroot\wa\authmech\WebSkin.zip down.jpg WatchGuard SSL Web

UI skin without

background; buttons

appear as selected

\built-in-files\wwwroot\wa\authmech\WebSkin.zip up.jpg WatchGuard SSL Web

UI skin with

background; buttons

appear as not selected

Getting Started

14 WatchGuard SSL 100

A list of some of the template files (with the folder location, description, and user variables) appears in the

subsequent table.

Folder Name File Name Description User variables

access-point\built-in-

files\wwwroot\wa

_auto_reauthmessag

e

The page that appears when

a user logs off and must

authenticate again.

_chooseAuthmech The page that appears when

a user must select an

authentication method.

name displayname

_closedown_messag

e

The page that appears when

a user session times out.

_deleteLogonCred The page that appears when

the password database has

been cleared.

_error The error message users see. errmsg

_InternalAuthenticati

on

Internal Authentication

form.

ihost

iuid

idom

_logoutPage The page that appears when

a user logs off.

_menu The template for the

WatchGuard SSL Application

Portal page. This is the menu

page that is called from the

welcome.html file.

_no_session The page that appears when

a session times out.

_popup_msg The popup message that

appears to users.

location

errmsg

_reauthmessage The timeout message that

appears to users.

_refresh_top The page that appears when

a user must refresh the

browser.

_securitywarning The page that appears for

security warnings.

errmsg

_TimedoutPage The page that appears when

a user is temporarily locked

until a specific timeout

occurs (SecurID only).

auth_timeout

_webclient.html The page that appears when

the user selects a tunnel set

in the Application Portal.

_webclientjavaobj.ht

ml

Contains the Access Client

Java applet.

_webclientobj.html Contains the Access Client

ActiveX.

Page is loading ...

Watchguard SSL User guide

Watchguard SSL User guide

Related papers

Other documents