WatchGuard Technologies V10.0 manual About the desktop firewall, Enabling the desktop firewall

Page 32

Securing Your Computer with the Mobile VPN Firewall

4From the Stateful Inspection drop-down list, select when connected or always.

If you select when connected, the link firewall operates only when the VPN tunnel is active for this profile.

If you select always, the link firewall is always active, whether the VPN tunnel is active or not.

5Click OK.

About the desktop firewall

When you enable a rule in your firewalls, you must specify what type of network the rule applies to. In the Mobile VPN client, there are three different types of networks:

VPN networks

Networks defined for the client in the client profile they import.

Unknown networks

Any network not specified in the firewall.

Friendly networks

Any network specified in the firewall as a known network.

Enabling the desktop firewall

To enable the full-featured desktop firewall:

1From the WatchGuard Mobile VPN Connection Monitor, select

Configuration > Firewall Settings.

The firewall is disabled by default.

2When you enable the firewall, you must choose between two firewall modes:

-Basic Locked Settings - When you enable this mode, the firewall denies all connections to or from your computer unless you have created a rule to specifically allow the connection.

-Basic Open Settings - When you enable this mode, the firewall allows all connections unless you have created a rule to specifically deny the connection.

30	Mobile User VPN

Image 32

Contents WatchGuardMobile VPN with IPSec Administrator Guide Address About Mobile VPN Client Configuration Files Before You BeginSelect the Enable Muvpn for this account check box Enabling Mobile VPN for a Firebox User AccountConfiguring Global Mobile VPN Client Settings Get the user’s .wgx fileDistributing the Software and Profiles Distributing the Software and ProfilesEnd-user profile Distributing the Software and Profiles Mobile User VPN Before You Begin Configuring the Firebox for Mobile VPN Select a user authentication server Configuring the Firebox for Mobile VPN Configuring the external authentication server Modifying an Existing Mobile VPN Profile Adding Users to a Firebox Mobile VPN GroupConfirm Use a certificate Phase2 Settings Defining advanced Phase 1 settings Configuring Wins and DNS Servers Allowing Internet access through Mobile VPN tunnelsLocking Down an End-User Profile On the Mobile User VPN tab, click AdvancedSeeing details on an Mobile VPN policy Configuring Policies to Filter Mobile VPN TrafficAdd individual policies Saving the Profile to a Firebox Using the Any PolicyRe-creating End-User Profiles Additional Mobile VPN Topics Making outbound IPSec connections from behind a FireboxGlobal VPN settings Adding feature keysTerminating IPSec connections Seeing the number of Mobile VPN licensesMobile VPN Client Installation and Connection Installing the Mobile VPN with IPSec Client Window AutoStart No Autostart Select Configuration Profile ImportImporting the end-user profile Selecting a certificate and entering the PIN Connecting the Mobile VPN ClientUninstalling the Mobile VPN client Start All Programs WatchGuard Mobile VPN Mobile VPN Monitor Disconnecting the Mobile VPN client Controlling connection behavior Seeing Mobile VPN Log Messages Mobile User VPN client iconSecuring Your Computer with the Mobile VPN Firewall Enabling the link firewallEnabling the desktop firewall Configuration Firewall SettingsAbout the desktop firewall Defining friendly networks Creating firewall rulesGeneral tab Local tab Remote tab