Using Macintosh or Linux clients with FirePass Controller
Overview of using Macintosh and Linux clients with FirePass controller
FirePass controller, version 5.0, includes Network Access support for remote Macintosh® and Linux® clients, making FirePass controller a good option for secure remote access in mixed-platform environments. You do not need to preinstall or preconfigure any client software when using FirePass controller with Macintosh and Linux systems.
Supported Network Access features
All the primary Network Access features are supported on Macintosh and Linux clients. For more information about Network Access and configuring Network Access features, see Chapter 3, Configuring Network Access.
Features supported on Macintosh and Linux clients include:
- Secure remote access to your internal network, with support for IP-based applications (TCP and UDP).
- Split tunneling, so only network traffic you specify goes through the Network Access connection.
- Packet-based, group-based firewalls, giving you the ability to restrict groups of users to specific addresses, ranges of addresses, and ports.
- Compression, to reduce the amount of traffic passing between the remote client and your internal network.
- Application launching.
You need to configure the starting of remote client applications based on the operating system on the remote computers. All other features can be configured independent of the remote client operating systems. For details, see Configuring the starting of applications on Macintosh or Linux clients.
Supported Linux platforms
The FirePass controller, version 5.0, has been tested with the following Linux platforms:
- Red Hat®
Configuring the starting of applications on Macintosh or Linux clients
The launch application feature specifies a client application that starts when the client begins a Network Access session. Use this feature when you have remote clients who will routinely use Network Access to connect to an application server like a mail server.
Because starting an application requires operating system-specific parameters and is configured by group, you must configure it for a group that consists of only one type of computer operating system. For example, you might create a group of your remote Linux users called Linux-1.
To configure the start of applications for Macintosh and Linux clients
- On the navigation pane, click Network Access.
  The Global Settings screen displays.
- On the navigation pane, click Group-based Settings.
  The Group-based Settings screen displays with the Client Settings tab selected.
- Click the Launch Application tab near the top of the screen to open the Launch Applications screen.
- From the For the group list (above the tabs), select the group for which you are configuring application launch settings.
  The screen refreshes to display the information for the group you selected.
  Note: The group must already exist in order to configure Network Access for that group. For information on creating groups, see the online help for the Users : Group screen.
- In the App Path box, type the path of the application.
  For example, on a Macintosh:
- In the Parameters box, type any parameters you want to include.
- Select the remote computer operating system from the OS list.
- Click Add to add the application for the selected group.
When remote users in the group make a Network Access connection, the application you configured starts automatically.
Client installation on Linux systems
The first time a remote user starts Network Access, a client component is downloaded from the FirePass controller. This client component is designed to be self-installing and self-configuring, but the user's browser must be Java-enabled.
If the browser does not support Java, the user is asked to download an installation script from the controller.
The remote Linux user must have superuser authority, or must be able to supply an administrative password in order to successfully install the Network Access client.
Linux systems must also include PPP support (this is most often the case). When the user runs the Network Access client and makes a connection for the first time, the client detects the presence of pppd (the point-to-point daemon), and determines whether the user has the necessary permissions to run it. If pppd is not present, or if the user does not have permissions needed to run the daemon, the connection fails.
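An administrator can check the same two conditions on a Linux client before the first connection. The script below is an added example, not F5 code and not the client's own detection logic; the search paths, the setuid rule for non-root users, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not F5 code): pre-flight for the two conditions named above.

# Print the first pppd found. The search locations are assumptions
# (common distribution paths, then PATH).
find_pppd() {
    for candidate in /usr/sbin/pppd /sbin/pppd /usr/local/sbin/pppd; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    command -v pppd 2>/dev/null
}

# check_pppd PATH UID
# Returns 0 = usable, 1 = pppd not present, 2 = present but not runnable.
check_pppd() {
    pppd_path=$1
    uid=$2
    if [ -z "$pppd_path" ] || [ ! -f "$pppd_path" ]; then
        return 1
    fi
    [ -x "$pppd_path" ] || return 2
    # Assumption: root can start pppd directly; any other user needs the
    # binary to carry the setuid bit (typically owned by root).
    if [ "$uid" -eq 0 ] || [ -u "$pppd_path" ]; then
        return 0
    fi
    return 2
}

# Report the result for the invoking user and return the status code.
pppd_preflight() {
    path=$(find_pppd) || path=""
    rc=0
    check_pppd "$path" "$(id -u)" || rc=$?
    case $rc in
        0) echo "pppd usable: $path" ;;
        1) echo "pppd not found: install PPP support before connecting" ;;
        *) echo "pppd found at $path but this user cannot run it" ;;
    esac
    return "$rc"
}
```

Source the file and call `pppd_preflight` as the user who will start Network Access; a return code of 1 or 2 corresponds to the two failure cases described above.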