Administration Guide 95Configuring Properties for a User GroupChoosing a portal page for a groupBy default, all users log on to the Firebox SSL VPN Gateway using the Secure Access Client from thedefault portal page or by downloading and installing the Secure Access Client on their computer. Youcan load custom portal pages on the Firebox SSL VPN Gateway, as described in “Using Portal Pages” onpage 38, and then select a portal page for each group. This enables you to control which of the FireboxSSL VPN Gateway clients are available by group.NoteDisabling portal page authentication on the Global Policies page overrides the Portal Page setting for allgroups. For more information, see “Enabling Portal Page Authentication” on page 41.To specify a portal page for a group1 On the Access Policy Manager tab, under User Groups, right-click a group and click Properties.2 On the Gateway Portal tab, under Portal Configuration, click Use Custom Portal Page.3 In Use this custom portal page, select the page.4 Click OK.Client certificate criteria configurationTo specify criteria that client certificates must meet, use a Boolean expression. To belong to a group, theuser must meet the certificate criteria in addition to passing all other authentication rules that are con-figured for that group. For example, the following criteria requires that the subject field of the client cer-tificate provided by a user has the Organization Unit (OU) set to Accounting and the Common Name(CN) attribute set to a value matching the user’s local user name on the Firebox SSL VPN Gateway.client_cert_end_user_subject_organizational_unit=“Accouting” and user-name=client_cert_end_user_subject_common_name.Valid operators for the client certificate are as follows:and logical AND= equality testValid constants for the criteria are:true logical TRUEValid variables for the criteria are:username local user name on the Firebox SSL VPN Gatewayclient_cert_end_user_subject_common_name CN attribute of the Subject of the client certificateclient_cert_end_user_subject_organizational_unit OU attribute of the Subject of the client certificateclient_cert_end_user_subject_organization O attribute of the Subject of the client certificateValues for the client certificate criteria on the User Groups tab require quotation marks around them towork. Correct and incorrect examples are:The Boolean expressionclient_cert_end_user_subject_common_name=“clients.gateways.watchguard.com”is valid and it works.The Boolean expressionclient_cert_end_user_subject_common_name=clients.gateways.watchguard.comis not valid and does not work