WatchGuard Technologies V10.0 manual Use a certificate


Modifying an Existing Mobile VPN Profile

timeouts for the Mobile VPN group are always ignored because you set timeouts in the individual Firebox user accounts.

The session and idle timeouts cannot be longer than the value in the SA Life field. To set this field, from the IPSec Tunnel tab of the Edit MUVPN Extended Authentication Group dialog box, click Advanced. The default value is 8 hours.

4. Click the IPSec Tunnel tab.

5. Use the following fields to edit the IPSec settings:

Use the passphrase of the end-user profile as the pre-shared key

Select this setting to use the passphrase of the end-user profile as the pre-shared key for tunnel authentication. You must use the same shared key on the remote device, and this shared key can use only standard ASCII characters.

Use a certificate

Select this setting to use a certificate for tunnel authentication. You must start the WatchGuard Certificate Authority if you select certificate-based authentication. You must also use the WatchGuard Log Server for log messages and the Firebox must be a managed client of a WatchGuard Management Server. The WatchGuard Certificate Authority is installed by default as part of the Management Server installation.

CA IP address

(This field appears only if you select to use a certificate) Type the IP address for the certificate authority (CA).

Timeout

(This field appears only if you select to use a certificate) Type the time in seconds before the certificate authority request times out.

Phase1 Settings

Select the authentication and encryption methods for the Mobile VPN tunnel. These settings must be the same for both VPN endpoints. To configure advanced settings, such as NAT Traversal or the key group, click the Advanced button, and see the procedure described in “Defining advanced Phase 1 settings” on page 16.
