Contents

Configure the Access Portal

To configure the Access Portal, you must:

You can add custom icons for web applications, Remote Desktop Protocol (RDP) hosts, and Secure Shell (SSH) hosts. We recommend that image files for icons have a maximum size of 64 x 64 pixels.

The Access Portal is not supported on XTM, XTMv, T Series, M200, or M300 devices. The Access Portal is supported on FireboxV, FireboxCloud, and all other Fireboxes.

Enable the Access Portal

To enable the Access Portal, from Fireware Web UI or Policy Manager:

  1. Select Subscription Services > Access Portal.
  2. Select Enable Access Portal.

Add an Application Group

Add a Web Application

You can add external web applications to the Access Portal. For internal web applications, configure reverse proxy actions. For more information about reverse proxy actions, see Reverse Proxy for the Access Portal.

Add an RDP Host

The Access Portal supports the Any, NLA, TLS, and RDP security types for connections to RDP hosts. We recommend the default setting Any which works for most connections. When Any is selected, the Firebox negotiates the security protocol with the remote host.

If you change the security type to a setting other than Any, make sure the RDP host has the same security type configured.

For more information about Windows RDP settings, see Security Settings for Windows RDP Hosts.

For information about macOS and iOS certificates, see Certificate Requirements for macOS and iOS Devices.

Security Settings for Windows RDP Hosts

The guidelines in this section describe which Access Portal RDP security types are compatible with Remote Desktop and Security Layer settings on the Windows RDP host.

These guidelines assume the Windows operating system on the RDP host uses default Security Layer settings. The default Security Layer settings in Windows vary by operating system, and can only be changed through registry edits in some Windows operating systems. We do not support changes to Windows settings that require registry edits.

For all Windows operating systems:

  • We recommend that you select Trust Certificate in the Access Portal RDP settings.
  • If you do not select Trust Certificate, you must import the CA chain for the RDP host into the Firebox. For general certificate import instructions, see Manage Device Certificates (Web UI) or Manage Device Certificates (WSM). When you import the CA chain, you must select the General certificate function.
  • If the option Allows connections only from computers running Remote Desktop with Network Level Authentication is selected in the Remote Settings in Windows, that host only allows connections that use NLA. In the Access Portal RDP settings, you must select the NLA security type.

Certificate Requirements for macOS and iOS Devices

To connect to an RDP host from a macOS or iOS device with Safari, you must import a certificate on the macOS or iOS device. For information about certificate requirements and the import process, see Install a Certificate on a macOS or iOS Device for RDP or SSH.

Add an SSH Host

To connect to an SSH host from a macOS or iOS device with Safari, you must import a certificate on the macOS or iOS device. For information about certificate requirements and the import process, see Install a Certificate on a macOS or iOS Device for RDP or SSH.

Install a Certificate on a macOS or iOS Device for RDP or SSH

To connect to an RDP or SSH host from a macOS or iOS device with the Safari web browser, you must configure one of these certificates on the Firebox:

  • Trusted third-party web server certificate signed by a trusted CA
  • Custom web server certificate that specifies the domain name or IP address of the Access Portal

If you install a trusted third-party web server certificate on your Firebox, you do not have to install the certificate on your macOS or iOS device.

If you install a custom web server certificate on the Firebox, you must install the certificate on the macOS or iOS device. The RDP or SSH connection does not work if you only accept the certificate in the Safari web browser.

To install the certificate on a macOS device, see Keychain for Mac: Add certificates to a keychain on the Apple website.

Configure the User Connection Settings

On the User Connection Settings tab, you can specify:

  • Users and groups that can connect to applications or application groups.
  • Authentication servers
  • Access Portal port (configuration port)
  • Timeout values

Timeout settings specify when the Firebox disconnects users from the Access Portal. The Session Timeout setting indicates the maximum amount of time a user can remain connected to the Access Portal. The Idle Timeout setting indicates the maximum amount of time a user can be idle while connected to the Access Portal.

To configure the SAML single sign-on settings, see Configure SAML Single Sign-On.

See Also

About the Access Portal

Shared Settings and Policy

Customize the Access Portal Design

Customize Access Portal Page Elements with CSS

Firebox Access Portal Integration with AuthPoint

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search