Distributing the Software and Profiles
Distributing the Software and Profiles
WatchGuard® recommends distributing
•Software installation package
The packages are located on the WatchGuard LiveSecurity® Service web site at: http://www.watchguard.com/support
Log in to the site using your LiveSecurity Service user name and password. Click the
Latest Software link, click
•The end-user profile
This file contains the group name, shared key, and settings that enable a remote computer to connect securely over the Internet to a protected, private computer network. The
•Two certificate
These are the .p12 file, which is an encrypted file containing the certificate; and cacert.pem, which contains the root (CA) certificate.
•User documentation
Documentation to help the remote user install the Mobile VPN client and import their Mobile VPN configuration file can be found in the “Mobile VPN Client Installation and Connection” chapter in this user guide.
•Shared key
To import the
The shared key, user name, and password are highly sensitive information. For security reasons, we recommend that you do not provide this information by email message. Because email is not secure, an unauthorized user can get the information and gain access to your internal network.
Give the user the information by telling it to the user, or by some other method that does not allow an unauthorized person to intercept it.
Additional Mobile VPN Topics
This section describes special topics for Mobile VPN with IPSec.
Making outbound IPSec connections from behind a Firebox
A user might have to make IPSec connections to a Firebox® from behind another Firebox. For example, if a mobile employee travels to a customer site that has a Firebox, that user can make IPSec connections to their network using IPSec. For the local Firebox to correctly handle the outgoing IPSec connection, you must set up an IPSec policy that includes the IPSec packet filter. For information on enabling poli- cies, see the Policies chapter in the WatchGuard® System Manager User Guide.
Because the IPSec policy enables a tunnel to the IPSec server and does not do any security checks at the firewall, add to this policy only the users that you trust.
Administrator Guide | 21 |