Watchguard SSL User guide

  • Hello! I am an AI chatbot trained to assist you with the Watchguard SSL User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
WatchGuard Administrator
User Guide
Version: 2.0
ii WatchGuard SSL 500 & SSL 1000
Notice to Users
Information in this guide is subject to change without notice. Companies, names, and data used in examples
herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any
form or by any means, electronic or mechanical, for any purpose, without the express written permission of
WatchGuard Technologies, Inc.
Guide revision: 08/27/2008
Copyright, Trademark, and Patent Information
Copyright © 1998 - 2008 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names
mentioned herein, if any, are the property of their respective owners.
This product is for indoor use only.
WatchGuard, the WatchGuard logo, LiveSecurity, and any other mark listed as a trademark in the “Terms of
Use” portion of the WatchGuard Web site that is used herein are either registered trademarks or trademarks
of WatchGuard Technologies, Inc. and/or its subsidiaries in the United States and/or other countries. All other
trademarks are the property of their respective owners.
Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT®, Windows® 2000, Windows® XP, and
Windows® Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries.
Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United
States and other countries. All right reserved.
“OpenVPN” is a trademark of OpenVPN Solutions LLC.
Licensing
Some components of the WatchGuard SSL software are distributed with source code covered under one or
more third party or open source licenses. We include below the full text of the licenses as required by the terms
of each license.
To get the source code covered by these licenses, contact WatchGuard Technical Support at:
877.232.3531 from the United States or Canada
+1.360.482.1083 from all other countries
You can download the source code at no charge. If you request a compact disc, there is a $35 charge for
administration and shipping.
GNU Lesser General Public License (LGPL)
Specific copyright information for the above software can be found in the WatchGuard SSL Hardware Guide
that accompanies the WatchGuard SSL device in shipment.
User Guide iii
Apache License (2.0)
Each of the following programs are wholly or partially licensed under version 2.0 of the Apache License:
Apache ant, Apache web server, Apache FOP, Apache Commons, Apache POI.
Specific copyright information for the above software, if any, can be found in subsequent pages of this
Reference Guide.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
“License” shall mean the terms and conditions for use, reproduction, and distribution as defined by
Sections 1 through 9 of this document.
“Licensor” shall mean the copyright owner or entity authorized by the copyright owner that is granting
the License.
“Legal Entity” shall mean the union of the acting entity and all other entities that control, are controlled
by, or are under common control with that entity. For the purposes of this definition, “control” means
(i) the power, direct or indirect, to cause the direction or management of such entity, whether by
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii)
beneficial ownership of such entity.
“You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this
License.
“Source” form shall mean the preferred form for making modifications, including but not limited to
software source code, documentation source, and configuration files.
“Object” form shall mean any form resulting from mechanical transformation or translation of a Source
form, including but not limited to compiled object code, generated documentation, and conversions
to other media types.
“Work” shall mean the work of authorship, whether in Source or Object form, made available under the
License, as indicated by a copyright notice that is included in or attached to the work (an example is
provided in the Appendix below).
“Derivative Works” shall mean any work, whether in Source or Object form, that is based on (or derived
from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works
shall not include works that remain separable from, or merely link (or bind by name) to the interfaces
of, the Work and Derivative Works thereof.
“Contribution” shall mean any work of authorship, including the original version of the Work and any
modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized
to submit on behalf of the copyright owner. For the purposes of this definition, “submitted” means any
form of electronic, verbal, or written communication sent to the Licensor or its representatives,
including but not limited to communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of
discussing and improving the Work, but excluding communication that is conspicuously marked or
otherwise designated in writing by the copyright owner as “Not a Contribution.”
“Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution
has been received by Licensor and subsequently incorporated within the Work.
iv WatchGuard SSL 500 & SSL 1000
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform,
sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as
stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise
transfer the Work, where such license applies only to those patent claims licensable by such
Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent
litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct or contributory patent infringement,
then any patent licenses granted to You under this License for that Work shall terminate as of the date
such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in
any medium, with or without modifications, and in Source or Object form, provided that You meet the
following conditions:
a. You must give any other recipients of the Work or Derivative Works a copy of this License; and
b. You must cause any modified files to carry prominent notices stating that You changed the files;
and
c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright,
patent, trademark, and attribution notices from the Source form of the Work, excluding those
notices that do not pertain to any part of the Derivative Works; and
d. If the Work includes a “NOTICE” text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within such
NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at
least one of the following places: within a NOTICE text file distributed as part of the Derivative
Works; within the Source form or documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and wherever such third-party notices
normally appear. The contents of the NOTICE file are for informational purposes only and do not
modify the License. You may add Your own attribution notices within Derivative Works that You
distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such
additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or
different license terms and conditions for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the
Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally
submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions. Notwithstanding the above, nothing herein
shall supersede or modify the terms of any separate license agreement you may have executed with
Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service
marks, or product names of the Licensor, except as required for reasonable and customary use in
describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides
the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation,
any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or
redistributing the Work and assume any risks associated with Your exercise of permissions under this
License.
User Guide v
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence),
contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts)
or agreed to in writing, shall any Contributor be liable to You for damages, including any direct,
indirect, special, incidental, or consequential damages of any character arising as a result of this License
or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all other commercial damages or losses),
even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works
thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or
other liability obligations and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any
other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for
any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any
such warranty or additional liability.
END OF TERMS AND CONDITIONS
vi WatchGuard SSL 500 & SSL 1000
User Guide vii
Table of Contents
Chapter 1 Introduction ............................................................................................................................... 1
Target audience................................................................................................................................................. 1
Conventions used in this publication........................................................................................................ 1
Special Fonts....................................................................................................................................................... 1
Notes..................................................................................................................................................................... 2
Contact WatchGuard documentation department.............................................................................. 2
References ........................................................................................................................................................... 2
Chapter 2 Get started ................................................................................................................................. 3
Reading suggestions ....................................................................................................................................... 4
Customer support............................................................................................................................................. 4
Product Overview.................................................................................................................................................. 5
Assessment.......................................................................................................................................................... 5
Authentication................................................................................................................................................... 6
Authorization...................................................................................................................................................... 6
Auditing................................................................................................................................................................ 7
Access.................................................................................................................................................................... 7
Abolishment ....................................................................................................................................................... 8
Technical overview................................................................................................................................................ 9
Administrative Service .................................................................................................................................... 9
Access Point ...................................................................................................................................................... 10
Policy Service.................................................................................................................................................... 11
Resources...................................................................................................................................................... 11
Access Rules ................................................................................................................................................. 12
Single Sign On............................................................................................................................................. 12
Authentication Service.................................................................................................................................. 13
WatchGuard Authentication.................................................................................................................. 13
WatchGuard Administrator Distribution Service................................................................................. 14
Planning .................................................................................................................................................................. 14
Define the Deployment Goals.................................................................................................................... 14
Security Audit/Planning ............................................................................................................................... 15
System Architecture Review .................................................................................................................. 15
Public Key Infrastructure ......................................................................................................................... 15
Securing your operating system .................................................................................................................... 16
Securing the file system........................................................................................................................... 16
Securing shared resources...................................................................................................................... 17
viii WatchGuard SSL 500 & SSL 1000
File auditing ................................................................................................................................................. 17
Securing disk resources ........................................................................................................................... 17
User management strategy ............................................................................................................................. 18
Analyze your environment..................................................................................................................... 18
Directory service requirements............................................................................................................. 18
Password management........................................................................................................................... 19
Use of Foreign Characters....................................................................................................................... 19
Securing Microsoft Active Directory ................................................................................................... 19
User management recommendations.................................................................................................... 20
Recommendations for DNS Management........................................................................................ 20
Recommendations for the Active Directory installation ............................................................. 20
Recommendations for Domain and OU management ................................................................ 20
Recommendations for Tree and Forest management ................................................................. 20
Recommendations for Object Access Control Management .................................................... 20
Recommendations for Replication Management.......................................................................... 21
Recommendations for Operation Masters........................................................................................ 21
Recommendations for auditing............................................................................................................ 21
Resource access............................................................................................................................................... 21
Access strategies ........................................................................................................................................ 21
Pre-installation check list ............................................................................................................................. 22
Pre-Installation Check List....................................................................................................................... 22
WatchGuard Network......................................................................................................................................... 23
Network Layout .......................................................................................................................................... 23
Default listening ports................................................................................................................................... 24
Register your WatchGuard SSL User Pack with LiveSecurity Service................................................ 26
Chapter 3 Installation ............................................................................................................................... 27
Primary WatchGuard user................................................................................................................................. 28
Change the primary WatchGuard User password.......................................................................... 28
Preparation ............................................................................................................................................................ 29
Install on Windows.............................................................................................................................................. 30
Install administration service...................................................................................................................... 30
Install Authentication Service..................................................................................................................... 31
Install Policy Service....................................................................................................................................... 31
Install Distribution Service........................................................................................................................... 31
Install WatchGuard Mobile ID..................................................................................................................... 31
Install Access Client........................................................................................................................................ 31
Upgrade overview............................................................................................................................................... 32
Start and Stop WatchGuard Administrator Services............................................................................... 32
Uninstall WatchGuard Administrator ........................................................................................................... 32
Chapter 4 Setup System Wizard .............................................................................................................. 33
About the Setup System Wizard .................................................................................................................... 33
Requirements and preparation............................................................................................................. 34
What Setup System includes ................................................................................................................. 34
Start the Setup System Wizard ....................................................................................................................... 35
WatchGuard Administration Service Dashboard ........................................................................... 35
WatchGuard Administrator .................................................................................................................... 35
Upload license file ............................................................................................................................................... 36
License File ................................................................................................................................................... 36
Select directory service...................................................................................................................................... 36
Configure directory service.............................................................................................................................. 37
Common Settings for all Directory Service Types.......................................................................... 39
Specific Settings for Other or Customized Directory Service..................................................... 39
User Guide ix
Super Administrator credentials .................................................................................................................... 40
Set up administration service.......................................................................................................................... 40
Configure an Access Point in WatchGuard Administrator.................................................................... 40
Set up Policy Service........................................................................................................................................... 41
Policy Service Settings.............................................................................................................................. 41
Set up Authentication Service ........................................................................................................................ 41
Select WatchGuard Authentication Methods.................................................................................. 41
Authentication Service and Authentication Method Settings .................................................. 42
Select additional Authorization Methods ......................................................................................... 42
Configure Authentication Methods.............................................................................................................. 43
Novell eDirectory Settings...................................................................................................................... 44
Confirm Authentication Methods.................................................................................................................. 44
Configure user storage ...................................................................................................................................... 45
Browse for root DN......................................................................................................................................... 45
Search rules....................................................................................................................................................... 46
Select additional Directory Service ............................................................................................................... 47
Configure additional Directory Service ....................................................................................................... 48
Additional Directory Service Settings................................................................................................. 48
Finish the Setup System Wizard..................................................................................................................... 48
Chapter 5 Set up an Access Point ............................................................................................................ 49
WatchGuard SSL device software.................................................................................................................. 49
Connect your WatchGuard SSL Access Point device.............................................................................. 49
Select an Architecture Method....................................................................................................................... 50
One Interface Architecture ..................................................................................................................... 50
Two Interface Architecture..................................................................................................................... 51
Configure your WatchGuard SSL device ..................................................................................................... 52
Reset your configuration.............................................................................................................................. 52
Set the Date and Time Zone for your WatchGuard SSL device........................................................... 53
Change the password for your WatchGuard SSL device....................................................................... 53
Use Log Viewer..................................................................................................................................................... 54
View Logs...................................................................................................................................................... 54
Clean Logs .................................................................................................................................................... 54
Update WatchGuard SSL device software.................................................................................................. 54
Chapter 6 Administration ........................................................................................................................ 55
About WatchGuard Administrator ................................................................................................................ 55
Top menu........................................................................................................................................................... 55
Online Help ....................................................................................................................................................... 56
Monitor system................................................................................................................................................ 57
Manage accounts and storage................................................................................................................... 57
Manage resource access............................................................................................................................... 58
Manage system................................................................................................................................................ 59
Chapter 7 Monitor System ....................................................................................................................... 61
About Monitor System....................................................................................................................................... 61
Status Overview.......................................................................................................................................... 61
Event Overview........................................................................................................................................... 61
Status overview.................................................................................................................................................... 62
Users ............................................................................................................................................................... 62
Resources...................................................................................................................................................... 62
System information................................................................................................................................... 62
Administrators............................................................................................................................................. 62
Event overview ..................................................................................................................................................... 63
Manage settings................................................................................................................................................... 63
x WatchGuard SSL 500 & SSL 1000
About system status ........................................................................................................................................... 64
General Status ............................................................................................................................................. 64
Access Points ............................................................................................................................................... 64
Policy Services ............................................................................................................................................. 64
Authentication Services........................................................................................................................... 64
About user sessions ............................................................................................................................................ 65
Logging ................................................................................................................................................................... 65
About Log Viewer ........................................................................................................................................... 65
Diagnostic file.............................................................................................................................................. 66
Log Viewer Settings .................................................................................................................................. 66
About logging.................................................................................................................................................. 67
Manage logging .............................................................................................................................................. 67
Log level filter.............................................................................................................................................. 68
Log file rotation .......................................................................................................................................... 68
Windows event log/Unix syslog ........................................................................................................... 68
Manage global logging settings................................................................................................................ 69
About the license file.......................................................................................................................................... 70
View license details ........................................................................................................................................ 70
Upload new license........................................................................................................................................ 70
Alerts ........................................................................................................................................................................ 71
About alerts....................................................................................................................................................... 71
Alert events .................................................................................................................................................. 71
Manage alerts................................................................................................................................................... 71
Alert settings................................................................................................................................................ 71
Alert event settings ................................................................................................................................... 72
Settings.......................................................................................................................................................... 72
Alert notification receivers...................................................................................................................... 73
Manage global alert settings...................................................................................................................... 74
Reports..................................................................................................................................................................... 76
About reports ................................................................................................................................................... 76
Time range.................................................................................................................................................... 76
Filters .............................................................................................................................................................. 77
Graphics......................................................................................................................................................... 77
Statistics.............................................................................................................................................................. 78
Data Retrieval .............................................................................................................................................. 78
About report database.................................................................................................................................. 79
Limitations.................................................................................................................................................... 79
Manage reports ............................................................................................................................................... 80
Set time range............................................................................................................................................. 80
Set time range............................................................................................................................................. 81
Assessment report settings.................................................................................................................... 83
Abolishment report settings.................................................................................................................. 83
Access report settings .............................................................................................................................. 84
Authentication report settings.............................................................................................................. 85
Authorization report settings................................................................................................................ 86
Account statistics report settings......................................................................................................... 87
Session trend report settings................................................................................................................. 87
Communication report settings ........................................................................................................... 88
Alert report settings .................................................................................................................................. 88
System report settings ............................................................................................................................. 88
Performance report settings....................................................................................................
.............. 89
Tunnel report settings.............................................................................................................................. 89
Chapter 8 Manage accounts and storage ............................................................................................... 91
User Guide xi
About accounts and storage ........................................................................................................................... 91
User accounts .............................................................................................................................................. 91
User Import and Linking.......................................................................................................................... 91
User groups.................................................................................................................................................. 92
User storage ................................................................................................................................................. 92
Global user account settings........................................................................................................................... 93
About global user account settings......................................................................................................... 93
About user linking ..................................................................................................................................... 93
About user link repair............................................................................................................................... 93
Manage global user account settings ..................................................................................................... 94
General settings.......................................................................................................................................... 94
Manage user linking.................................................................................................................................. 95
General Settings ......................................................................................................................................... 95
User linking ............................................................................................................................................................ 99
About user linking .......................................................................................................................................... 99
Manage user linking....................................................................................................................................... 99
Manage user link repair ........................................................................................................................ 100
User import ......................................................................................................................................................... 101
About User Import....................................................................................................................................... 101
Manage User Import................................................................................................................................... 101
User accounts..................................................................................................................................................... 104
About user accounts................................................................................................................................... 104
User Account Search Result List......................................................................................................... 104
Add user account .................................................................................................................................... 104
User Linking .............................................................................................................................................. 105
User Import................................................................................................................................................ 106
WatchGuard authentication ............................................................................................................... 106
Single Sign-On domain settings........................................................................................................ 106
User certificate ......................................................................................................................................... 106
Manage user accounts ............................................................................................................................... 107
General settings....................................................................................................................................... 108
General Settings ...................................................................................................................................... 108
Manage authentication settings ....................................................................................................... 108
Manage SSO settings............................................................................................................................. 114
User certificate ......................................................................................................................................... 115
User groups......................................................................................................................................................... 116
About user groups....................................................................................................................................... 116
About user location group .................................................................................................................. 116
About user property group ................................................................................................................. 116
About user group in directory service............................................................................................. 116
Manage user groups................................................................................................................................... 116
Manage user property groups............................................................................................................ 117
Manage user location groups............................................................................................................. 117
User storage........................................................................................................................................................ 118
About user storage...................................................................................................................................... 118
Search rules............................................................................................................................................... 118
Directory mapping ................................................................................................................................. 118
Manage User Storage ................................................................................................................................. 118
General settings....................................................................................................................................... 118
Manage search rules .............................................................................................................................. 119
Manage directory mapping.......................................................................................................
.......... 121
Chapter 9 Manage Resource Access ...................................................................................................... 123
About resource access.................................................................................................................................... 123
xii WatchGuard SSL 500 & SSL 1000
Access rules............................................................................................................................................... 123
Standard resources................................................................................................................................. 123
Global Resource settings................................................................................................................................ 124
About global resource settings............................................................................................................... 124
About internal proxy.............................................................................................................................. 124
About DNS name pool .......................................................................................................................... 124
About filters............................................................................................................................................... 125
About link translation............................................................................................................................ 125
Manage Global Resource Settings.................................................................................................... 126
Manage global resource settings........................................................................................................... 126
General settings....................................................................................................................................... 126
Filters ........................................................................................................................................................... 127
Link translation ........................................................................................................................................ 128
DNS Names for Access Point............................................................................................................... 129
DNS Name Pool........................................................................................................................................ 130
Standard resources .......................................................................................................................................... 131
About standard resources ........................................................................................................................ 131
Manage standard resources..................................................................................................................... 131
Common Standard Resource Settings ............................................................................................ 131
Access Rules .............................................................................................................................................. 132
Citrix MetaFrame Presentation Server............................................................................................. 133
Citrix MetaFrame Server ....................................................................................................................... 133
Thinlinc Application Server ................................................................................................................. 134
Domino Web Access 6.5 ....................................................................................................................... 135
Terminal Server 2000/Terminal Server 2003................................................................................. 135
Outlook Web Access 2000/Outlook Web Access2003/Outlook Web Access 5.5............. 136
Microsoft Outlook Client 2000/2003/2007 .................................................................................... 137
POP3/SMTP................................................................................................................................................ 137
IMAP/SMTP................................................................................................................................................ 138
Windows File Share ................................................................................................................................ 138
Windows File Share ............................................................................................................................... 138
Access to Home Directory.................................................................................................................... 139
Secure Remote Access to Administrator ........................................................................................ 139
SalesForce.................................................................................................................................................. 140
Web Resources .................................................................................................................................................. 140
About Web Resources................................................................................................................................ 140
Manage Web resource hosts ................................................................................................................... 141
General settings....................................................................................................................................... 141
Troubleshooting (FAQ) ......................................................................................................................... 144
Application Portal Settings.................................................................................................................. 145
Access rules............................................................................................................................................... 145
Advanced settings.................................................................................................................................. 146
Encryption Level...................................................................................................................................... 148
Manage web resource paths ................................................................................................................... 149
General settings....................................................................................................................................... 149
Access rules............................................................................................................................................... 150
Advanced settings.................................................................................................................................. 151
Tunnel resources............................................................................................................................................... 153
About tunnel resources ............................................................................................................................. 153
Manage tunnel resources ......................................................................................................................... 153
Tunnel resource settings...................................................................................................................... 153
Alternative Hosts..................................................................................................................................... 154
Access rules............................................................................................................................................... 154
Advanced settings..............................................................................................................
.................... 154
User Guide xiii
Tunnel resource networks............................................................................................................................. 156
About tunnel resource networks ........................................................................................................... 156
Manage tunnel resource networks........................................................................................................ 156
Tunnel resources network settings .................................................................................................. 156
Access Rules .............................................................................................................................................. 156
Advanced settings.................................................................................................................................. 157
Tunnel sets .......................................................................................................................................................... 159
About tunnel sets......................................................................................................................................... 159
Manage tunnels sets................................................................................................................................... 160
Tunnel set settings ................................................................................................................................. 160
Application Portal Settings.................................................................................................................. 160
Static Tunnel Settings............................................................................................................................ 161
Dynamic Tunnel Settings..................................................................................................................... 162
Startup settings........................................................................................................................................ 163
Advanced tunnel settings.................................................................................................................... 163
Mapped Drives......................................................................................................................................... 164
Access Client Loader.............................................................................................................................. 165
Additional Client Configuration ........................................................................................................ 165
Specific Settings ...................................................................................................................................... 166
Provide IP Address.................................................................................................................................. 167
DNS Forwarding ...................................................................................................................................... 167
Client Firewall........................................................................................................................................... 167
Access Rules .............................................................................................................................................. 167
Manage global tunnel set settings........................................................................................................ 167
External DHCP Settings......................................................................................................................... 167
IP Address Pool ........................................................................................................................................ 168
DNS Server................................................................................................................................................. 168
Client firewalls.................................................................................................................................................... 169
About client firewalls.................................................................................................................................. 169
Prevent other network connections to be routed ...................................................................... 169
Check integrity of connecting application .................................................................................... 169
Firewall rules based on device ........................................................................................................... 171
Manage client firewalls .............................................................................................................................. 172
Incoming firewall rules.......................................................................................................................... 172
Outgoing firewall rules ......................................................................................................................... 173
Customized resources..................................................................................................................................... 174
About customized resources................................................................................................................... 174
Manage customized resource hosts ..................................................................................................... 174
Access rules............................................................................................................................................... 174
Advanced settings.................................................................................................................................. 175
Customized Resource Host Settings ................................................................................................ 175
Manage customized resource paths..................................................................................................... 176
Access rules............................................................................................................................................... 176
Advanced settings.................................................................................................................................. 177
SSO domains ...................................................................................................................................................... 179
About SSO domains.................................................................................................................................... 179
Access rules............................................................................................................................................... 179
Domain types ........................................................................................................................................... 180
Manage SSO domains ................................................................................................................................ 181
SSO Domain Settings............................................................................................................................. 181
Domain attributes................................................................................................................................... 182
Domain Type Cookie.............................................................................................................
................. 183
Access Rules .............................................................................................................................................. 183
Settings....................................................................................................................................................... 183
xiv WatchGuard SSL 500 & SSL 1000
Access rules......................................................................................................................................................... 185
About access rules....................................................................................................................................... 185
Access rule types..................................................................................................................................... 185
About managing access rules ............................................................................................................ 186
Manage access rules .............................................................................................................................. 187
Manage global access rule................................................................................................................... 187
Manage access rules for resource or SSO domains .................................................................... 188
Access rule settings..................................................................................................................................... 189
Microsoft Windows Client Data ......................................................................................................... 191
Settings....................................................................................................................................................... 193
Application portal............................................................................................................................................. 196
About application portal........................................................................................................................... 196
Access Client............................................................................................................................................. 196
Manage application portal ....................................................................................................................... 196
Application portal item settings............................................................................................................. 197
Identity Federation........................................................................................................................................... 199
About Identity Federation ........................................................................................................................ 199
Assertions................................................................................................................................................... 199
Preconditions ........................................................................................................................................... 199
Providers .................................................................................................................................................... 200
Manage Identity Federation settings ................................................................................................... 200
Global Identity Federation Settings ................................................................................................. 200
Manage providers........................................................................................................................................ 201
Chapter 10 Manage system ...................................................................................................................... 203
About Manage System ................................................................................................................................... 203
Abolishment ....................................................................................................................................................... 204
About Abolishment..................................................................................................................................... 204
Manage abolishment.................................................................................................................................. 205
General Settings ...................................................................................................................................... 205
Cache Cleaner........................................................................................................................................... 206
Advanced................................................................................................................................................... 207
Access Points...................................................................................................................................................... 208
About Access Points.................................................................................................................................... 208
Manage Access Points................................................................................................................................ 210
Access Point settings ............................................................................................................................. 210
Additional listeners ................................................................................................................................ 210
Manage Global Access Point settings................................................................................................... 212
Advanced settings.................................................................................................................................. 212
Cipher Suites............................................................................................................................................. 213
Performance.............................................................................................................................................. 214
About load balancing................................................................................................................................. 214
Manage load balancing ........................................................................................................................ 215
Mirrored Access Points.......................................................................................................................... 215
Settings....................................................................................................................................................... 215
Administrative Service.................................................................................................................................... 220
About Administrative Service.................................................................................................................. 220
Configuration ........................................................................................................................................... 220
Manage Administrative Service.............................................................................................................. 221
Administration Service Settings ........................................................................................................ 221
Assessment ......................................................................................................................................................... 222
About Assessment....................................................................................................................................... 222
Manage Assessment ................................................................................................................................... 222
General Settings ...................................................................................................................................... 223
User Guide xv
Advanced Settings.................................................................................................................................. 225
Plug-ins ....................................................................................................................................................... 226
Authentication methods................................................................................................................................ 226
About authentication methods.............................................................................................................. 226
Authentication methods...................................................................................................................... 227
About WatchGuard SSL Mobile Text................................................................................................ 228
About WatchGuard SSL Web .............................................................................................................. 228
About WatchGuard SSL Challenge................................................................................................... 229
About WatchGuard SSL Password .................................................................................................... 229
About WatchGuard SSL Synchronized............................................................................................ 229
Additional authentication methods................................................................................................. 230
Manage authentication methods .......................................................................................................... 231
General settings....................................................................................................................................... 231
Authentication method server........................................................................................................... 234
RADIUS replies.......................................................................................................................................... 241
Extended properties .............................................................................................................................. 242
Authentication services ............................................................................................................................. 248
About Authentication Service............................................................................................................ 248
Manage Authentication Services ...................................................................................................... 249
Define RADIUS Authentication .......................................................................................................... 251
Define password/PIN ............................................................................................................................. 252
Email messages........................................................................................................................................ 257
SMS/Screen messages........................................................................................................................... 261
Certificates...................................................................................................................................................... 264
About certificates.................................................................................................................................... 264
Registered Server Certificates............................................................................................................. 264
Registered Client Certificate ............................................................................................................... 264
Manage certificates ................................................................................................................................ 264
Certificate Authority settings.............................................................................................................. 265
Server certificate settings..................................................................................................................... 266
Client certificate settings...................................................................................................................... 266
Settings....................................................................................................................................................... 266
Device definitions............................................................................................................................................. 268
About device definitions........................................................................................................................... 268
Manage device definitions ....................................................................................................................... 268
Delegated management................................................................................................................................ 269
About delegated management.............................................................................................................. 269
Manage delegated management .......................................................................................................... 269
Role settings.............................................................................................................................................. 270
Directory services.............................................................................................................................................. 272
About directory services............................................................................................................................ 272
Manage directory services........................................................................................................................ 272
General Settings ...................................................................................................................................... 272
Communication Settings ..................................................................................................................... 273
Advanced Settings.................................................................................................................................. 274
Notification settings ........................................................................................................................................ 275
About notification settings....................................................................................................................... 275
Manage notification settings................................................................................................................... 275
Email channel settings .......................................................................................................................... 275
SMS channel settings............................................................................................................................. 276
Variables ......................................................................................................................
............................... 282
Policy Services.................................................................................................................................................... 282
About Policy Services ................................................................................................................................. 282
Manage Policy Services.............................................................................................................................. 283
xvi WatchGuard SSL 500 & SSL 1000
General settings....................................................................................................................................... 283
XPI: Web services..................................................................................................................................... 284
Manage global Policy Service settings................................................................................................. 285
Communication Settings ..................................................................................................................... 285
RADIUS Configuration..................................................................................................................................... 286
About RADIUS configuration................................................................................................................... 286
Manage RADIUS configuration............................................................................................................... 287
RADIUS Client Settings.......................................................................................................................... 287
Manage RADIUS Back-End Servers ................................................................................................... 288
Glossary 289
A.............................................................................................................................................................................. 289
Access Rules .............................................................................................................................................. 289
ASCII............................................................................................................................................................. 289
ASN.1 ........................................................................................................................................................... 289
Authentication......................................................................................................................................... 289
Authentication Method ........................................................................................................................ 289
Authentication Server ........................................................................................................................... 289
Authorization............................................................................................................................................ 290
B .............................................................................................................................................................................. 290
BankID ......................................................................................................................................................... 290
Base64 ......................................................................................................................................................... 290
Base DN....................................................................................................................................................... 290
C .............................................................................................................................................................................. 290
CA.................................................................................................................................................................. 290
CA Certificate............................................................................................................................................ 290
Cipher.......................................................................................................................................................... 290
Client Certificate...................................................................................................................................... 290
CDP............................................................................................................................................................... 290
Client Device............................................................................................................................................. 291
CRC ............................................................................................................................................................... 291
CRL................................................................................................................................................................ 291
CVC............................................................................................................................................................... 291
D.............................................................................................................................................................................. 291
Delegated Management ...................................................................................................................... 291
DER ............................................................................................................................................................... 291
Device.......................................................................................................................................................... 291
Digital Certificate..................................................................................................................................... 291
Directory Service ..................................................................................................................................... 291
Directory Service User Group ............................................................................................................. 292
Display Name............................................................................................................................................ 292
Distribution Channel.............................................................................................................................. 292
DMZ.............................................................................................................................................................. 292
DN................................................................................................................................................................. 292
DNS............................................................................................................................................................... 292
E............................................................................................................................................................................... 292
Encryption ................................................................................................................................................. 292
F............................................................................................................................................................................... 292
Firewall........................................................................................................................................................ 292
FTP................................................................................................................................................................ 292
H.............................................................................................................................................................................. 293
Host.............................................................................................................................................................. 293
HTTP............................................................................................................................................................. 293
HTTPS .......................................................................................................................................................... 293
User Guide xvii
L............................................................................................................................................................................... 293
LDAP ............................................................................................................................................................ 293
Log Levels .................................................................................................................................................. 293
M ............................................................................................................................................................................. 293
MIME............................................................................................................................................................ 293
N.............................................................................................................................................................................. 293
NTLM............................................................................................................................................................ 293
O.............................................................................................................................................................................. 294
OpenSSL ..................................................................................................................................................... 294
OU................................................................................................................................................................. 294
P .............................................................................................................................................................................. 294
PEM............................................................................................................................................................... 294
PIN ................................................................................................................................................................ 294
PKI................................................................................................................................................................. 294
Port............................................................................................................................................................... 294
Proxy............................................................................................................................................................ 294
R .............................................................................................................................................................................. 294
RADIUS........................................................................................................................................................ 294
Resource..................................................................................................................................................... 294
Resource Host........................................................................................................................................... 294
Resource Path........................................................................................................................................... 295
S............................................................................................................................................................................... 295
SAML............................................................................................................................................................ 295
Seed ............................................................................................................................................................. 295
Server Certificate..................................................................................................................................... 295
Shared Secret............................................................................................................................................ 295
SMS............................................................................................................................................................... 295
SMPP............................................................................................................................................................ 295
SSL ................................................................................................................................................................ 295
SSO ............................................................................................................................................................... 295
SSO Domain .............................................................................................................................................. 295
T............................................................................................................................................................................... 296
TCP................................................................................................................................................................ 296
TLS ................................................................................................................................................................ 296
Tunneling................................................................................................................................................... 296
U.............................................................................................................................................................................. 296
UDP .............................................................................................................................................................. 296
URI................................................................................................................................................................. 296
URL ............................................................................................................................................................... 296
User Certificate......................................................................................................................................... 296
User Group................................................................................................................................................. 296
User Location Group.............................................................................................................................. 296
User Property Group.............................................................................................................................. 296
User Storage.............................................................................................................................................. 296
W............................................................................................................................................................................. 297
WAP.............................................................................................................................................................. 297
X .............................................................................................................................................................................. 297
X.509 ............................................................................................................................................................ 297
xviii WatchGuard SSL 500 & SSL 1000
User Guide 1
1
Introduction
Welcome to the WatchGuard Administrator User Guide – your reference guide to a secure and flexible solution
for safe access to any and all of your internal and external resources and applications.
Our aim has been to provide WatchGuard Administrator users with a comprehensive guide to all aspects of
WatchGuard Administrator administration. In doing so, we have structured the WatchGuard Administrator
User Guide in About and Manage sections, to enable readers to access in-depth information when they
need it. Regardless if this is conceptual information to prepare for installation, to gain deeper understanding
of complex topics, or instructions on how to administer specific functionality.
The About sections contain overview information of specific functionality in WatchGuard Administrator,
presented in the same order as it is structured in the WatchGuard Administrator, so when you wish to learn
more on a specific task in a conceptual point of view – this is where to look.
Browse the Manage sections when you are performing a task in the WatchGuard Administrator and do not
find the information you need in the WatchGuard Administrator Online Help.
Target audience
This User Guide covers all aspects of WatchGuard Administrator and is intended for both administrators and
system integrators. For more detailed information on essential reading, please see section Getting Started.
Conventions used in this publication
This publication uses various conventions to present information. Words that require special treatment
appear in specific fonts or font styles. Certain information, such as command-line options, uses special formats
so that you can scan it quickly.
Special Fonts
This publication uses several typographical conventions. All code listings, reserved words, and the names of
actual data structures, constants, fields, parameters, and routines are shown in monospaced font (this is
monospace). Words that appear in boldface are menu items and/or settings in the WatchGuard
Administrator.
Introduction
2 WatchGuard SSL 500 & SSL 1000
Notes
Contact WatchGuard documentation department
WatchGuard is always interested in feedback from our users. Please direct comments or questions regarding
any WatchGuard publication to the WatchGuard Documentation Department at
documentation@watchguard.com. Please include the title of the document in your email.
References
Referenced documents, such as technical notes, are included with your product and can be located on the
product distribution, or if the product is already installed, in the Documentation folder where the product was
installed. It is also possible to access the documentation directly from the WatchGuard Administrator
Administrator Dashboard.
Notes contain information that is interesting but possibly not essential to an understanding of the
main text.
/