WatchGuard Technologies V10.0 manual Securing Your Computer with the Mobile VPN Firewall


Securing Your Computer with the Mobile VPN Firewall


The WatchGuard® Mobile VPN with IPSec client includes two firewall components:

Link firewall

The link firewall is not enabled by default. When the link firewall is enabled, your computer will discard any packets received from other computers. You can choose to enable the link firewall only when a Mobile VPN tunnel is active, or enable it all the time.

Desktop firewall

This full-featured firewall can control connections to and from your computer. You can define friendly networks and set access rules separately for friendly and unknown networks.

Enabling the link firewall

When the link firewall is enabled, the Mobile VPN client software drops any packets sent to your computer from other hosts. It allows only packets sent to your computer in response to packets your computer sends. For example, if you send a request to an HTTP server through the tunnel from your computer, the reply traffic from the HTTP server is allowed. If a host tries to send an HTTP request to your computer through the tunnel, it is denied.
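The reply-only behavior described above can be modeled as a small flow table. This is an added example, not WatchGuard code: the class and function names, the sample addresses, and the idle timeout are assumptions of the model, and the manual does not document how the client tracks state.

```python
from typing import Dict, NamedTuple


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ReplyOnlyFilter:
    """Toy model of reply-only filtering; not WatchGuard's implementation."""

    def __init__(self, idle_timeout: float = 60.0) -> None:
        # idle_timeout is an assumption of this model, not a documented setting.
        self.idle_timeout = idle_timeout
        self.flows: Dict[Packet, float] = {}  # sent packet tuple -> last send time

    def outbound(self, pkt: Packet, now: float) -> str:
        self.flows[pkt] = now  # every packet we send opens or refreshes a flow
        return "allow"

    def inbound(self, pkt: Packet, now: float) -> str:
        # A reply is the exact mirror image of a tuple this host sent earlier.
        mirrored = Packet(pkt.proto, pkt.dst_ip, pkt.dst_port,
                          pkt.src_ip, pkt.src_port)
        last_sent = self.flows.get(mirrored)
        if last_sent is None or now - last_sent > self.idle_timeout:
            self.flows.pop(mirrored, None)  # forget expired state
            return "drop"
        return "allow"


def demo() -> list:
    # Constructed sample traffic using RFC 5737 documentation addresses.
    me, server, other = "192.0.2.10", "198.51.100.80", "203.0.113.5"
    fw = ReplyOnlyFilter(idle_timeout=60.0)
    return [
        fw.outbound(Packet("tcp", me, 49152, server, 80), now=0.0),   # our HTTP request
        fw.inbound(Packet("tcp", server, 80, me, 49152), now=0.2),    # its reply
        fw.inbound(Packet("tcp", other, 40000, me, 80), now=1.0),     # unsolicited request
        fw.inbound(Packet("tcp", server, 80, me, 50000), now=1.0),    # wrong local port
        fw.inbound(Packet("tcp", server, 80, me, 49152), now=120.0),  # state expired
    ]


if __name__ == "__main__":
    print(demo())
```

Only the second packet, the HTTP server's reply to a request the local computer sent, is allowed in; the unsolicited request from another host is dropped, matching the two cases in the paragraph above.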

To enable the link firewall:

1. From the WatchGuard Mobile VPN Connection Monitor, select Configuration > Profile Settings.

2. Select the profile you want to enable the link firewall for and select Configure.

3. From the left pane, select Link Firewall.

Administrator Guide
