WatchGuard Technologies V10.0 manual Terminating IPSec connections, Global VPN settings

Page 24

Additional Mobile VPN Topics

Terminating IPSec connections

To fully stop VPN connections, the Firebox must be restarted. Removing the IPSec policy does not stop current connections.

Global VPN settings

Global VPN settings on your Firebox apply to all manual BOVPN tunnels, managed tunnels, and Mobile VPN tunnels. You can use these settings to:

Enable IPSec pass-through.

Clear or maintain the settings of packets with Type of Service (TOS) bits set.

Use an LDAP server to verify certificates.

To change these settings, from Policy Manager, select VPN > VPN Settings. For more information on these settings, see the Basic Configuration Setup chapter in the WatchGuard System Manager User Guide.

Seeing the number of Mobile VPN licenses

To see the number of Mobile VPN licenses that are installed, from Policy Manager, select

Setup > Feature Keys. From the Firebox Feature Keys dialog box, click Active Features. Scroll down to the value MUVPN_USERS and look at the number in the Capacity column. This is the number of installed Mobile VPN licenses.

Purchasing additional Mobile VPN licenses

WatchGuard Mobile VPN with IPSec is an optional feature. Each Firebox X device includes a number of Mobile VPN licenses. You can purchase more licenses for Mobile VPN.

Licenses are available through your local reseller or at:

http://www.watchguard.com/sales

Adding feature keys

For information on adding feature keys, see “Working with Feature Keys” in the WatchGuard System Manager User Guide.

Mobile VPN and VPN failover

You can configure VPN tunnels to fail over to a backup endpoint if the primary endpoint becomes unavailable. For more information on VPN failover, see the WatchGuard System Manager User Guide.

If VPN failover is configured and failover occurs, Mobile VPN sessions do not continue. You must authenticate your Mobile VPN client again to make a new Mobile VPN tunnel.

To configure VPN failover for Mobile VPN tunnels, on the General tab of the Edit MUVPN Extended Authentication Group dialog box, enter a backup WAN interface in the Backup field in the Firebox IP box. You can specify only one backup interface for tunnels to fail over to, even if you have additional WAN interfaces.

22

Mobile User VPN

Page 23 Page 25
Image 24
Page 23 Page 25
Contents WatchGuardMobile VPN with IPSec Administrator Guide Address About Mobile VPN Client Configuration Files Before You BeginSelect the Enable Muvpn for this account check box Enabling Mobile VPN for a Firebox User AccountConfiguring Global Mobile VPN Client Settings Get the user’s .wgx fileDistributing the Software and Profiles Distributing the Software and ProfilesEnd-user profile Distributing the Software and Profiles Mobile User VPN Before You Begin Configuring the Firebox for Mobile VPN Select a user authentication server Configuring the Firebox for Mobile VPN Configuring the external authentication server Modifying an Existing Mobile VPN Profile Adding Users to a Firebox Mobile VPN GroupConfirm Use a certificate Phase2 Settings Defining advanced Phase 1 settings Configuring Wins and DNS Servers Allowing Internet access through Mobile VPN tunnelsLocking Down an End-User Profile On the Mobile User VPN tab, click AdvancedConfiguring Policies to Filter Mobile VPN Traffic Add individual policiesSeeing details on an Mobile VPN policy Using the Any Policy Re-creating End-User ProfilesSaving the Profile to a Firebox Additional Mobile VPN Topics Making outbound IPSec connections from behind a FireboxGlobal VPN settings Adding feature keysTerminating IPSec connections Seeing the number of Mobile VPN licensesMobile VPN Client Installation and Connection Installing the Mobile VPN with IPSec Client Select Configuration Profile Import Importing the end-user profileWindow AutoStart No Autostart Connecting the Mobile VPN Client Uninstalling the Mobile VPN clientSelecting a certificate and entering the PIN Disconnecting the Mobile VPN client Controlling connection behaviorStart All Programs WatchGuard Mobile VPN Mobile VPN Monitor Seeing Mobile VPN Log Messages Mobile User VPN client iconSecuring Your Computer with the Mobile VPN Firewall Enabling the link firewallConfiguration Firewall Settings About the desktop firewallEnabling the desktop firewall Defining friendly networks Creating firewall rulesGeneral tab Local tab Remote tab
Top Page Image Contents