
MIDWESTERN INTERMEDIATE UNIT IV – A CASE STUDY IN INTERNET SECURITY
WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
11
Application Support
In Kiosk mode, the Firebox SSL provides access to Citrix ICA, Remote Desktop, SSH, Telnet 3270 emulation, VNC
servers and one-click access to shared network drives. Access can be controlled on a per-group basis.
Gaining Remote Access
End users obtain remote access by simply accessing a secure Web URL with their browser. Once connected, clients
are prompted for their user name and password over HTTP 401 Basic, Digest, or NTLM. The Firebox SSL then
authenticates these credentials with the organization’s logon server (such as Microsoft Active Directory, LDAP, or
RADIUS), and if the credentials are correct, offers the user the choice of connecting from “my own computer”, or “a
public computer”. If “a public computer” is selected, the user is given limited access to the organizations corporate
network via Kiosk Mode.
Operation
In Kiosk mode, the Firebox SSL opens a Virtual Network Computing (VNC) like connection in a window. The Firebox
SSL sends images only (no data) over the VPN connection. As a result, there is no risk of leaving temporary files or
cookies on the public computer
• For computers running Windows 2000 and above, kiosk operation is available through the Access Portal. The
kiosk link can be removed from the Access Portal on a group basis.
• For computers running a JVM 1.4.2 or higher (such as Macintosh or Windows 95/98 computers), kiosk
operation is available through a Java applet.
• For Macintosh, Safari is the supported browser.
SUMMARY
IPSec and SSL VPNs each have inherent advantages and disadvantages. To meet the challenge of economical,
secure, mobile remote access, organizations need the advantages of both these types of products, with none of
their disadvantages. The WatchGuard Firebox SSL VPN Gateway with Citrix® Secure Access provides enterprises
and organizations with the advantages of both IPSec VPNs and SSL VPNs, without the shortcomings—replacing the
need for pure IPSec or SSL VPN solutions.
Where IPSec VPN solutions provide network-layer access and encryption, and SSL VPNs provide application-layer
access and encryption, WatchGuard combines network-layer access with application-level encryption in a hybrid
technology. This dramatically improves the end user experience, while significantly reducing the IT security
administrator’s support overhead and security.
Komentáře k této Příručce