Administration Guide 107
Setting the Priority of Groups
The following two settings are unioned together. For these settings, they are combined among all of the
groups of which the user is a member. When these are combined, these are the enforced set of rules
applied to the user. For example, if a user is a member of the sales and support groups, if the sales group
has notepad.exe and calc.exe defined as an end point policy, and if the support groups have just Inter-
net Explorer defined, all of the policies are enforced for the user.
• Kiosk mode configuration, which includes persistent mode, the applications the user can use,
and the default Web address with which the user connects
• End point policies that specify registry settings, processes, or files that must be on the client
If users are members of multiple groups, and IP pooling is enabled in one of those groups, the Firebox
SSL VPN Gateway allocates an IP address from the pool for the first group that has IP pooling enabled.
Groups are initially listed in the order in which they are created.
To set the priority of groups
1 Click the Group Priority tab.
2 Select a group that you want to move and use the arrow keys to raise or lower the group in the list.
The group at the top of the list has the highest priority.
To view the group priorities for a user
In the Firebox SSL VPN Gateway Administration Desktop, click the Real-time Monitor icon.
The display lists all groups to which the user belongs and the group with the highest priority.
Configuring Pre-Authentication Policies
Users can be restricted from logging on to the Firebox SSL VPN Gateway using pre-authentication poli-
cies. When users use a Web browser to connect to the Firebox SSL VPN Gateway, before they receive the
logon dialog box, the pre-authentication policy scans the client computer. If the scan fails, users are pre-
vented from logging on. To log on to the Web portal, the client needs to install the correct applications.
To create pre-authentication policies
1 Click the Access Policy Manager tab.
2 Under End Point Policies, click the configured policy and drag it to Pre-Authentication Policies in
the left pane (located under the Global Policies policy node).
To create and configure end point resources and policies, see “Configuring End Point Policies and