
Administration Guide 149
APPENDIX B Using Firewalls with Firebox SSL VPN Gateway
If a user cannot establish a connection to the Firebox SSL VPN Gateway or cannot access allowed
resources, it is possible that the firewall software on the user’s computer is blocking traffic. The Firebox
SSL VPN Gateway works with any personal firewall, provided that the application allows the user to
specify a trusted network or IP address for the Firebox SSL VPN Gateway.
This section discusses the following popular firewalls and gives configuration instructions for them:
• BlackICE PC Protection
• McAfee Personal Firewall Plus
• Norton Personal Firewall
• Sygate Personal Firewall (Free and Pro Versions)
• Tiny Personal Firewall
• ZoneAlarm Pro
The following sections are a supplement to the firewall manufacturer’s documentation. The
recommended source for current information about firewall applications and configuration is the
manufacturer’s documentation.
WatchGuard recommends that the user’s personal firewall allow full access for the Secure Access Client.
If you do not want to allow full access, the following UDP and UDP/TCP ports need to be open on the
client computer:
10000 (UDP)
10010 (UDP/TCP)
10020 (UDP)
10030 (UDP)
Personal firewalls need to be configured to allow traffic to and from the Firebox SSL VPN Gateway IP
address or FQDN. To find out which ports are open, use the Secure Access Client Properties page that is
accessible from the connection icon in the notification tray. The ports that are open are listed on the
Details tab.
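
The port list and trusted-address guidance above can be checked against an exported rule set. The following is an added example, not part of the WatchGuard guide: the rule format (name, proto, ports, remote), the sample rules and the gateway address 192.0.2.10 are constructed assumptions, and the rules are treated as a flat allow list with no ordering or deny rules.

```python
import ipaddress

# Port/protocol pairs from the guide; "10010 (UDP/TCP)" expands to both protocols.
REQUIRED = {("udp", 10000), ("udp", 10010), ("tcp", 10010),
            ("udp", 10020), ("udp", 10030)}

GATEWAY_IP = "192.0.2.10"  # constructed placeholder (documentation address range)

# Constructed sample allow rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "vpn-udp-10000", "proto": "udp", "ports": (10000, 10000), "remote": "192.0.2.10/32"},
    {"name": "vpn-tcp-10010", "proto": "tcp", "ports": (10010, 10010), "remote": "192.0.2.10"},
    {"name": "vpn-udp-wide", "proto": "udp", "ports": (10010, 10020), "remote": "any"},
    {"name": "other-host", "proto": "udp", "ports": (10030, 10030), "remote": "198.51.100.0/24"},
]

def audit(rules, gateway_ip):
    """Return (missing, too_broad) for a list of allow rules.

    missing:   required (proto, port) pairs that no rule allows for the gateway.
    too_broad: names of rules that cover a required pair but also allow other
               remote hosts or other ports in the same range.
    """
    gateway = ipaddress.ip_address(gateway_ip)
    covered, too_broad = set(), []
    for rule in rules:
        net = None if rule["remote"] == "any" else ipaddress.ip_network(rule["remote"], strict=False)
        if net is not None and gateway not in net:
            continue  # rule does not apply to traffic with the gateway
        lo, hi = rule["ports"]
        hits = {(p, n) for (p, n) in REQUIRED if p == rule["proto"] and lo <= n <= hi}
        if not hits:
            continue
        covered |= hits
        extra_ports = (hi - lo + 1) > len(hits)
        if net is None or net.num_addresses > 1 or extra_ports:
            too_broad.append(rule["name"])
    return sorted(REQUIRED - covered), too_broad

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES, GATEWAY_IP)
    print("missing:", missing)
    print("broader than needed:", too_broad)
```
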