WatchGuard Technologies V10.0 manual Before You Begin, About Mobile VPN Client Configuration Files


Configure the Firebox X Edge to use Mobile VPN with IPSec

The WatchGuard® Mobile VPN with IPSec client is a software application that is installed on a remote computer. The client makes a secure connection from the remote computer to your protected network through an unsecured network. The Mobile VPN client uses Internet Protocol Security (IPSec) to secure the connection.

This document gives basic configuration instructions on how to configure a Mobile VPN tunnel between the WatchGuard Mobile VPN with IPSec client and a Firebox® X Edge device.

Before You Begin

Before you begin, make sure you understand:

You can install the Mobile VPN with IPSec client software on any computer running Windows 2000 Professional, Windows XP (32-bit) or Windows Vista (32-bit and 64-bit). Before you install the client software, make sure the remote computer does not have any other IPSec mobile user VPN client software installed. You must also uninstall any desktop firewall software (other than Microsoft firewall software) from each remote computer.

If the Mobile VPN with IPSec client software is installed on a computer with Windows Vista and the Windows Vista Firewall is in use, you must add a firewall exception (Control Panel > Security > Windows Firewall > Change Settings > Exceptions) for UDP port 4500. This exception allows Mobile VPN keep-alive packets from the Firebox® to reach your client and keep the VPN tunnel up.

About Mobile VPN Client Configuration Files

With Mobile VPN with IPSec, the Firebox® X Edge administrator controls end-user profiles. You use the Edge web configuration interface to set the name of the end user and create a client configuration file, or profile, with the file extension .wgx. The .wgx file contains the shared key, user identification, IP addresses, and settings that are used to create a secure tunnel between the remote computer and the Edge. This file is encrypted with a key that is eight characters or greater in length. This key must be known to the administrator and the remote user. When the remote client imports the .wgx file, this key is used to decrypt the file for use in the client software.

Administrator Guide