September 5, 2012

How to Assign a Resource by Username on a Watchguard SSL100 Device

by OmegaIT — Categories: Watchguard Technologies

Several of our employees needed to connect to their desktop computers from home or from the road. We purchased the Watchguard SSL100 to present our users with a simple web interface that they could log in to and then RDP to the computers at their desks.

In my environment, we use the Active Directory authentication method to authenticate users on the SSL100. Assigning resources by group on the SSL100 works great. However, the Watchguard SSL100 does not do a more granular resource assessment down to the user level. That is, if you set up a resource and then made an access rule requiring that the Windows username match a specific username, that resource was not available to the user.

That last statement is not entirely true.  If the remote user is connecting with a computer that is a member of your domain, then the Assessment will work.  In my case, most of the remote users will be connecting with their home PCs, so the user name assessment would not work.

There is a workaround: create a custom attribute for a user, then create a group based on that custom attribute.

Note: The following steps assume that you have already set up the SSL100 to use the Active Directory authentication method, configured the External Directory Service, and created a resource you want to apply the access rule to.

Creating a User

  • Because I am using the Active Directory authentication method, I will create a user by clicking on User Management>Create User Account by Linking.  In this example I am using a test account with a username of testuser.
  • Enter the username in the User ID field, then click Link User.

  • Click on the User Management tab, find your new user, and click on their username.
  • Under Edit User Account, click on Add Custom Attribute…

  • In the Add Custom Attribute screen, enter rdptestuser in the Name field, and then enter the username in the Value field.

  • Click on Update to save your changes.

Creating the User Group

  • Click on User Management>User Groups.
  • Click on Add User Group
  • Select User Property group, and then click Next.
  • Complete the Add User Group form:
    • Display Name:  RDP Testuser
    • Description:  RDP access for testuser
    • Attribute Source:  Custom-defined
    • Attribute Name:  rdptestuser – Must match custom attribute created for the user
    • Attribute Value:  testuser – Must match custom attribute created for the user

  • Click Finish Wizard to complete the setup.
  • Click Finish Wizard again to save the group.

Create the Access Rule

  • Click on Resource Access>Access Rules
  • Click on Add Access Rule…
  • Enter the display name Testuser user, and then click Next.

  • Under Add Access Type, select User group membership and then click Next.
  • Under Available User Groups, find the group we created in the previous step (in this case, RDP Testuser), highlight the group, and then click Add>

  • Click Next to continue.
  • When the Summary page displays, click Next to continue.
  • When the Add Access Rule screen displays, click Next to continue.
  • The Apply Access Rule to Resources screen displays, select the resource you want to use this access rule for, click Add>, and then click Next to continue.
  • At the Confirm Access Rule, click Finish Wizard.
  • Click the Publish button to save the changes to the SSL100.
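
With this workaround, access to the resource depends entirely on the custom attribute name and value pair: a mistyped value leaves the group empty, and the same attribute on a second account admits that account too. The following added example (not from the original post, and not the SSL100's own API or export format) models that matching in Python, assuming an exact string comparison, and flags groups that do not resolve to exactly their intended user. The User, PropertyGroup, members and audit names and the extra accounts are constructed for illustration.

```python
# Added example: a constructed model, not the SSL100's own data format or API.
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: str
    custom_attributes: dict = field(default_factory=dict)


@dataclass
class PropertyGroup:
    display_name: str
    attribute_name: str
    attribute_value: str
    intended_user: str  # the one account this group is meant to admit


def members(group, users):
    """Users whose custom attribute name AND value both match (assumed exact match)."""
    return sorted(
        u.user_id for u in users
        if u.custom_attributes.get(group.attribute_name) == group.attribute_value
    )


def audit(groups, users):
    """Return {display_name: finding} for groups not resolving to exactly their intended user."""
    findings = {}
    for g in groups:
        m = members(g, users)
        if not m:
            findings[g.display_name] = "empty: attribute name/value mismatch"
        elif m != [g.intended_user]:
            findings[g.display_name] = "over-broad: matches " + ", ".join(m)
    return findings


# Constructed sample data; only testuser / rdptestuser / RDP Testuser come from the walkthrough.
USERS = [
    User("testuser", {"rdptestuser": "testuser"}),
    User("otheruser", {"rdptestuser": "testuser"}),    # attribute copied by mistake
    User("thirduser", {"rdpthirduser": "thirduser"}),
]
GROUPS = [
    PropertyGroup("RDP Testuser", "rdptestuser", "testuser", "testuser"),
    PropertyGroup("RDP Thirduser", "rdpthirduser", "third_user", "thirduser"),  # typo in value
]

if __name__ == "__main__":
    for name, finding in audit(GROUPS, USERS).items():
        print(f"{name}: {finding}")
```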

Links

Watchguard SSL100 About Resources: http://www.watchguard.com/help/docs/ssl/3/en-US/index_Left.html#CSHID=en-US%2Fresource_access%2Fresources_about.html|StartTopic=Content%2Fen-US%2Fresource_access%2Fresources_about.html|SkinName=WG_SSL (en-US)
