User guide

ManualsBrandsWatchguard ManualsComputer equipmentFirebox X4500

201

202

203

204

205

206

207

208

209

210

User and Group Management

194 Firebox X Edge e-Series

Enable Single Sign-On

1. To connect to the System Status page, type https:// in the browser address bar, and the IP address

of the Firebox X Edge trusted interface.

The default URL is: https://192.168.111.1

2. From the navigation bar, select Firebox Users > Settings.

The Firebox Users Settings page appears.

3. Make sure that the Require user authentication (enable local user accounts) check box is selected.

4. If necessary, select other access options. For more information, see Set authentication options for all

users.

5. Select the Enable Single Sign-On (SSO) check box.

6. Type the SSO agent IP address in the adjacent text box. This is the IP address of the computer on

which you installed the WatchGuard Authentication Gateway software.

7. In the Agent cache timeout text box, type the number of seconds before the SSO agent must check a

user’s login status a second time. We recommend that you keep this value small if you use short

DHCP lease times.

8. Add or remove SSO exceptions for IP addresses that the Firebox will not query for user information,

such as computers with multiple users or servers that are not part of your Active Directory domain. If

you reference these devices in your policies by name, they must authenticate with the Firebox using a

web browser.

You can type a host IP address, a network IP address in slash notation, or a range of IP addresses.

9. Click Submit to save your changes.

Install the WatchGuard Single Sign-On (SSO) agent

To use Single Sign-On (SSO), you must install the WatchGuard SSO agent. The SSO agent is a service that

receives requests for Firebox authentication and checks the user’s status with the Active Directory server. The

service runs with the name WatchGuard Authentication Gateway on the computer on which you install the

SSO agent software. The computer on which you install the SSO agent software must have the Microsoft

.NET Framework 2.0 installed.

Download the SSO agent software

1. Use your browser to go to http://www.watchguard.com/.

2. Log in with your LiveSecurity Service user name and password.

3. Click the Software Downloads link.

4. Select your Firebox type and model number.

5. Download the WatchGuard Authentication Gateway software and save the file to a convenient

location.

To use Single Sign-On with your Firebox, you must install the SSO agent on a domain computer with

a static IP address. We recommend that you install the SSO agent on your domain controller.