F5 Firepass Service manual

FirePass

Server Administrator Guide

version 4.0

MAN-0081-00

FirePass

™

Server Administrator Guide i

Product Version

This manual applies to product version 4.0 of the FirePass

™

Server Administrator Guide.

Legal Notices

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5

assumes no responsibility for the use of this information, nor any infringement of patents or other rights of

third parties which may result from its use. No license is granted by implication or otherwise under any

patent, copyright, or other intellectual property right of F5. F5 reserves the right to change specifications at

any time without notice.

Trademarks

F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, GLOBAL-SITE, SEE-IT, EDGE-FX, FireGuard,

Internet Control Architecture, IP Application Switch, Packet Velocity, iRules, SYN Check, FirePass, and

Webifyer are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other

countries. All other trademarks mentioned in this document are the property of their respective owners. F5

Networks' trademarks may not be used in connection with any product or service except as permitted in

writing by F5.

Export Regulation Notice

This product may include cryptographic software. Under the Export Administration Act, the United States

government may consider it a criminal offense to export this product from the United States.

Export Warning

This is a Class A product. In a domestic environment this product may cause radio interference in which

case the user may be required to take adequate measures.

FCC Compliance

This equipment generates, uses, and may emit radio frequency energy. The equipment has been type tested

and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules, which

are designed to provide reasonable protection against such radio frequency interference.

Operation of this equipment in a residential area may cause interference, in which case the user at his own

expense will be required to take whatever measures may be required to correct the interference.

Any modifications to this device, unless expressly approved by the manufacturer, can void the user's

authority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance

This class A digital apparatus complies with Canadian I CES-003.

Standards Compliance

The product conforms to ANSI/UL Std 1950 and Certified to CAN/CSA Std. C22.2 No. 950.

Table of Contents

FirePass

™

Server Administrator Guide v

Introducing the FirePass Server

The FirePass remote access solution ........................................................................................1-1

The FirePass server models ........................................................................................................1-1

The FirePass server features .......................................................................................................1-2

Overview of features ............................................................................................................1-2

FirePass server features .......................................................................................................1-3

About this guide ..............................................................................................................................1-4

Audience ..................................................................................................................................1-4

Finding help and technical support resources ..........................................................................1-5

Deploying the FirePass Server

Overview of deploying the FirePass server .............................................................................2-1

Summary of tasks for installing and deploying the FirePass server ............................2-1

Configuring a firewall to work with the FirePass server ......................................................2-2

Overview of the firewall configuration process ............................................................2-3

About the traffic between a remote user’s browser and the FirePass server ........2-5

About the traffic between the FirePass server and network services .....................2-6

About the traffic between FirePass server and application services ........................2-7

About the traffic between the FirePass server and the Desktop Agent .................2-9

Understanding name resolution issues for FirePass servers with

a private IP address .................................................................................................................... 2-11

Installing the FirePass server .................................................................................................... 2-12

Unpacking the FirePass server ......................................................................................... 2-12

Installing the FirePass server in an equipment rack .................................................... 2-12

Connecting the FirePass server to a network and powering up ............................. 2-12

Performing the initial FirePass IP configuration ........................................................... 2-14

Testing network connectivity ..................................................................................................2-16

Using the Administrative Console to configure the FirePass server .............................. 2-17

Logging Into the Administrative Console ...................................................................... 2-17

Changing the superuser password ................................................................................ 2-18

Installing your license ......................................................................................................... 2-19

Displaying a list of current settings and licensed features ........................................ 2-19

Using the Administrative Console to access the Maintenance Console ............... 2-20

Logging out of the Administrative Console .................................................................. 2-20

Using the Maintenance Console ............................................................................................... 2-21

What’s next? ................................................................................................................................ 2-23

Setting Up FirePass Server Security

Overview of setting up FirePass server security .....................................................................3-1

Working with groups ....................................................................................................................3-2

Creating groups ......................................................................................................................3-3

Deleting groups ......................................................................................................................3-4

Moving users to a different group ......................................................................................3-4

Showing a list of all users in a group .................................................................................3-4

Using Windows domain-based group mapping ...............................................................3-4

Using LDAP-based group mapping ....................................................................................3-6

Working with user accounts ....................................................................................................3-11

Manually adding user accounts ....................................................................................... 3-11

Importing user accounts from a Windows domain server ....................................... 3-13

Importing user accounts from an LDAP server .......................................................... 3-15

Importing user accounts from a comma or tab delimited text file ......................... 3-16

Table of Contents

Using signup templates to add user accounts .............................................................. 3-16

Using NFS user permissions from a UNIX password file ......................................... 3-17

Changing user accounts ................................................................................................... 3-19

Activating, deactivating, or deleting user accounts .................................................... 3-19

Assigning administrative privileges to a user account ............................................... 3-19

Searching for user accounts ............................................................................................. 3-21

Generating a My Desktop client software installation key ....................................... 3-21

Installing My Desktop client software at a user’s computer ..................................... 3-22

Setting up FirePass server authentication .............................................................................. 3-23

Converting to internal database authentication .......................................................... 3-23

Setting up RADIUS server authentication ................................................................... 3-24

Setting up a RADIUS server to work with the FirePass server ............................... 3-25

Setting up Windows domain server authentication ................................................... 3-25

Setting up LDAP server authentication ........................................................................ 3-27

Setting Up VASCO DigiPass authentication ................................................................ 3-28

Setting up certificates .................................................................................................................. 3-29

Changing the FirePass server name ................................................................................ 3-30

Generating a server certificate request ......................................................................... 3-30

Installing or renewing a server certificate ..................................................................... 3-31

Using client certificates to authenticate a user’s computer ...................................... 3-31

Limiting access to the administrative console by IP address ............................................. 3-35

What’s next? ................................................................................................................................. 3-35

Configuring the FirePass Webifyers

Overview of the FirePass Webifyers ..........................................................................................4-1

Configuring the My Files Webifyer ............................................................................................4-3

Defining Network Folder Favorites for the My Files Webifyer ................................4-3

Limiting a group’s access to the Network Folder Favorites ......................................4-3

Enabling virus scanning and file uploading for the My Files Webifyer ......................4-4

Configuring advanced settings for the My Files Webifyer ............................................4-4

Using client certification validation for the My Files Webifyer ..................................4-5

Configuring the My NFS Webifyer ............................................................................................4-6

Defining favorites for the My NFS Webifyer .................................................................4-6

Defining NFS shared folders for the My NFS Webifyer ...............................................4-7

Limiting a group’s access to the NFS Favorites .............................................................4-7

Using client certification validation for the My NFS Webifyer ..................................4-7

Configuring the My Intranet Webifyer .....................................................................................4-8

Defining intranet favorites for the My Intranet Webifyer ............................................4-8

Limiting a group’s access to the Intranet Favorites .................................................... 4-10

Using client certification validation for the My Intranet Webifyer ........................ 4-10

Configuring the My E-mail Webifyer ...................................................................................... 4-11

Configuring an email account .......................................................................................... 4-11

Obtaining each user’s email information based on an LDAP query ...................... 4-12

Disabling email attachment downloads ........................................................................ 4-13

Obtaining email addresses from an LDAP server ...................................................... 4-13

Using client certification validation for the My E-mail Webifyer ............................ 4-14

Configuring the Terminal Services Webifyer ....................................................................... 4-15

Configuring screen resolution and Terminal Services Favorites ............................. 4-15

Limiting a group’s access to the Terminal Service Favorites ................................... 4-17

Using client certification validation for the Terminal Service Webifyer ............... 4-17

Configuring the AppTunnels Webifyer .................................................................................. 4-18

Configuring AppTunnel Favorites .................................................................................. 4-18

Compressing traffic between the client and the FirePass server ........................... 4-20

Limiting a group’s access to the AppTunnels Favorites ............................................. 4-20

Table of Contents

FirePass

™

Server Administrator Guide vii

Using client certification validation for the AppTunnels Webifyer ........................ 4-20

Configuring the Host Access Webifyer ................................................................................. 4-21

Configuring Host Access Favorites ............................................................................... 4-21

Displaying active host access sessions .......................................................................... 4-22

Limiting a group’s access to the host access favorites .............................................. 4-22

Using client certification validation for the Host Access Webifyer ....................... 4-22

Configuring SSL-VPN ................................................................................................................. 4-23

Configuring global SSL VPN settings ............................................................................. 4-24

Configuring global SSL VPN packet filter rules ........................................................... 4-25

Configuring global SSL VPN timeout rules .................................................................. 4-26

Configuring global SSL VPN client appearance ........................................................... 4-26

Configuring the SSL VPN Webifyer for a group ........................................................ 4-27

Configuring group packet filter rules ............................................................................ 4-29

Configuring drive mappings for the SSL VPN Webifyer ........................................... 4-29

Launching applications automatically with the SSL VPN Webifyer ........................ 4-30

Using client certification validation for the SSL VPN Webifyer ............................. 4-30

Configuring the My Desktop Webifyer ................................................................................. 4-31

Configuring the My Desktop server ports .................................................................. 4-31

Configuring My Desktop Webifyer for cluster servers ............................................ 4-32

Disabling bridge access to desktops .............................................................................. 4-32

Using client certification validation for the My Desktop Webifyer ....................... 4-33

Configuring the Guest Access Webifyer ..................................................................... 4-33

Configuring the X-Windows Access Webifyer ................................................................... 4-35

Configuring X-Windows hosts for remote access ..................................................... 4-35

Using client certificate validation for Webifyers ................................................................... 4-38

Managing, Monitoring, and Maintaining the FirePass Server

Maintaining the network configuration settings .....................................................................5-1

Configuring IP addresses and subnets ...............................................................................5-1

Configuring routing tables and rules .................................................................................5-2

Configuring Domain Name Servers (DNS) .....................................................................5-4

Configuring host names ........................................................................................................5-5

Configuring services ..............................................................................................................5-5

Configuring Desktop services .............................................................................................5-8

Other network settings ........................................................................................................5-8

Configuring IPSec for the FirePass server ................................................................................5-9

Managing FirePass licenses ......................................................................................................... 5-11

Obtaining a license for the first time .............................................................................. 5-11

Installing your license ......................................................................................................... 5-11

Adding capacity or features to your license ................................................................. 5-11

Mapping FirePass users to NFS users .................................................................................... 5-12

Specifying HTTP and SSL proxies ........................................................................................... 5-14

Configuring an SNMP agent .....................................................................................................5-15

Shutting down and restarting FirePass .................................................................................... 5-17

Shutting down the FirePass server ................................................................................. 5-17

Restarting the FirePass server or services .................................................................... 5-17

Stopping and starting the bridge .................................................................................... 5-18

Backing up and restoring the FirePass server ...................................................................... 5-19

Specifying the email server ...................................................................................................... 5-20

Specifying the FirePass administrator’s email address ......................................................... 5-20

Granting Administrator privileges to other users ................................................................ 5-21

Specifying the time, time zone, and NTP server ................................................................. 5-22

Configuring client caching and compression settings ......................................................... 5-23

Managing log files ........................................................................................................................ 5-25

Table of Contents

viii

Updating the FirePass server’s firmware ............................................................................... 5-27

Adding definitions for other types of browsers .................................................................. 5-28

Monitoring the FirePass server ............................................................................................... 5-29

Monitoring the load on a FirePass server .................................................................... 5-29

Displaying FirePass server statistics .............................................................................. 5-30

Capturing network packets to troubleshoot networking problems ..................... 5-30

Customizing the user’s home page .......................................................................................... 5-31

Providing SSH access for Technical Support ......................................................................... 5-31

Using FirePass Reports

Overview of FirePass server reports ........................................................................................6-1

Using the Logon report ................................................................................................................6-2

Using the My Desktop Activations report ...............................................................................6-3

Using the Session report ..............................................................................................................6-4

Using HTTP Log reports ..............................................................................................................6-5

Using the Application Log report ..............................................................................................6-6

Using the Summary report ..........................................................................................................6-7

Using the Group report ...............................................................................................................6-8

Configuring FirePass Failover Servers and Cluster Servers

Using FirePass failover servers ...................................................................................................7-1

Installing FirePass failover servers ....................................................................................7-1

Configuring the IP addresses for failover servers .........................................................7-1

Powering up failover servers .............................................................................................7-2

Configuring the failover settings .......................................................................................7-3

Making a standby server the active server .....................................................................7-4

Using FirePass server clusters ....................................................................................................7-5

Installing multiple FirePass servers as a cluster .............................................................7-5

Powering up FirePass server clusters ..............................................................................7-5

Configuring FirePass server clusters ................................................................................7-6

Preliminary configuration .....................................................................................................7-6

Configuring clustered servers .............................................................................................7-7

Accessing a slave server’s configuration while connected to a master server ........7-8

Displaying statistics for a FirePass server cluster ..........................................................7-8

Index

Table of contents

Other F5 Server manuals

F5 Acopia ARX 500/A106 User manual

F5 VIPRION 2400 Assembly Instructions

F5 ARX-1500 User manual

F5 WANJet 400 Appliance Quick start guide

F5 BIG-IP 8950 Assembly Instructions

F5 ARX-2500 User manual

F5 ARX-2500 Manual

Popular Server manuals by other brands

HP Tc2120 - Server - 256 MB RAM installation guide

Lenovo

Lenovo ThinkServer RD230 manual

Avocent

Avocent CPS810 Installer/user guide

Dell

Dell PowerEdge R6615 Installation and service manual

FreeWave

FreeWave HT2+ installation guide

GIGA-BYTE TECHNOLOGY

GIGA-BYTE TECHNOLOGY G492-Z50 user manual

Lanner

Lanner HTCA-E400 user manual

Bull

Bull NovaScale T840 E2 user guide

Asus

Asus RS740-E70RS24-EG Configuration guide

Meinberg

Meinberg LANTIME M300/TCR manual 

HP ProLiant SL335s G7 Maintenance and service guide

ZyXEL Communications

ZyXEL Communications VANTAGE RADIUS 50 user guide

Lantronix

Lantronix xDirect-IAP quick start guide

Fujitsu

Fujitsu PRIMEQUEST 2400E3 General description

IBM

IBM 9040-MR9 manual

IBM

IBM 306m - eServer xSeries - 8849 user guide

green hippo

green hippo Hippotizer Nevis+ quick start guide

IBM

IBM 8203-E4A Brochure & specs

F5 FirePass Service manual

Popular Server manuals by other brands