WatchGuard Technologies V10.0 manual Phase2 Settings

Page 17

Modifying an Existing Mobile VPN Profile

Phase2 Settings

Select the proposal and key expiration settings for the Mobile VPN tunnel. You can also enable Perfect Forward Secrecy (PFS) or set the Diffie-Hellman group. To change other proposal settings, click the Proposal button, and see the procedure described in “Defining advanced Phase 2 settings” on page 16.

6Click the Resources tab.

7Use the following fields to add and remove allowed network resources and virtual IP addresses:

Force All Traffic Through Tunnel

Select this check box to send all Mobile VPN user Internet traffic through the VPN tunnel. When this is selected, Mobile VPN user Internet traffic is sent through the VPN, but web sites can be slower for those users. If this is not selected, Mobile VPN user Internet traffic is not sent safely, but users can browse the Internet more quickly.

Allowed Resources list

This list shows the resources that users in the Mobile VPN authentication group can get access to on the network. Click Add to add an IP address or IP address range to the network resources list. Click Remove to clear the selected IP address or IP address range from the network resources list.

Virtual IP Address Pool

This list shows the internal IP addresses that are used by Mobile VPN users over the tunnel. These addresses are used only when they are needed. Click Add to add an IP address or IP address range to the virtual IP address pool. Click Remove to clear the selected IP address or IP address range from the virtual IP address pool.

8Click OK.

You return to the Remote Users Configuration dialog box.

End-user profiles (*.wgx) for the profile you edited are automatically regenerated. You must distribute new end-user profiles to the affected users and groups.

Administrator Guide

15

Image 17

Contents WatchGuardMobile VPN with IPSec Administrator Guide Address Before You Begin About Mobile VPN Client Configuration FilesEnabling Mobile VPN for a Firebox User Account Select the Enable Muvpn for this account check boxGet the user’s .wgx file Configuring Global Mobile VPN Client SettingsDistributing the Software and Profiles Distributing the Software and ProfilesEnd-user profile Distributing the Software and Profiles Mobile User VPN Before You Begin Configuring the Firebox for Mobile VPN Select a user authentication server Configuring the Firebox for Mobile VPN Configuring the external authentication server Adding Users to a Firebox Mobile VPN Group Modifying an Existing Mobile VPN ProfileConfirm Use a certificate Phase2 Settings Defining advanced Phase 1 settings Allowing Internet access through Mobile VPN tunnels Configuring Wins and DNS ServersOn the Mobile User VPN tab, click Advanced Locking Down an End-User ProfileSeeing details on an Mobile VPN policy Configuring Policies to Filter Mobile VPN TrafficAdd individual policies Saving the Profile to a Firebox Using the Any PolicyRe-creating End-User Profiles Making outbound IPSec connections from behind a Firebox Additional Mobile VPN TopicsAdding feature keys Global VPN settingsTerminating IPSec connections Seeing the number of Mobile VPN licensesMobile VPN Client Installation and Connection Installing the Mobile VPN with IPSec Client Window AutoStart No Autostart Select Configuration Profile ImportImporting the end-user profile Selecting a certificate and entering the PIN Connecting the Mobile VPN ClientUninstalling the Mobile VPN client Start All Programs WatchGuard Mobile VPN Mobile VPN Monitor Disconnecting the Mobile VPN clientControlling connection behavior Mobile User VPN client icon Seeing Mobile VPN Log MessagesEnabling the link firewall Securing Your Computer with the Mobile VPN FirewallEnabling the desktop firewall Configuration Firewall SettingsAbout the desktop firewall Creating firewall rules Defining friendly networksGeneral tab Local tab Remote tab