Configuring the Firebox for Mobile User VPN

10. Use the Encryption drop list to select an encryption method.

Options available with the strong encryption version of WatchGuard Firebox System include: None (no encryption), DES-CBC (56-bit), and 3DES-CBC (168-bit).

11. Click Next. Click Finish.

The wizard closes and the username appears in the Remote User VPN Setup dialog box on the Mobile User tab Users list.

12. Click OK.

Modifying an existing Mobile User VPN entry

Use the Mobile User VPN wizard to generate a new .exp file every time you want to change the end-user configuration file. Reasons to change an end-user configuration include:

• Modifying the shared key

• Adding access to additional hosts or networks

• Restricting access to a single destination port, source port, or protocol

• Modifying the encryption or authentication parameters

From Policy Manager:

1. Select Network => Remote User.

2. In the Users list on the Mobile User VPN tab, click the username.

3. Click Edit.

The Mobile User VPN wizard appears, displaying the User Name and Pass Phrase form.

4. Use Next to step through the wizard, reconfiguring the end-user configuration according to your security policy preferences.

5. To add access to a new network or host, proceed to the Multiple Policy Configuration step in the Mobile User VPN wizard. Click Add.

You can also use the Multiple Policy Configuration step to change the virtual IP address assigned to the remote user.

6. Use the drop list to select Network or Host. Type the IP address. Use the Dst Port, Protocol, and Src Port options to restrict access. Click OK.

The new IP address appears in the Configured Policies list.

7. Step completely through the wizard until the final screen. Click Finish.

You must click Finish to ensure that the wizard creates a new .exp file and writes the modified settings to the Firebox configuration file.

8. Click OK.

Saving the configuration to a Firebox

To activate new Mobile User configuration settings, you must save the configuration file to the primary area of the Firebox flash disk. For instructions, see “Saving a configuration to the Firebox” on page 24.

Distributing the software and configuration files

WatchGuard recommends distributing end-user configuration files on a floppy disk or by encrypted e-mail. Each client machine needs the following:

• Remote client installation package

WatchGuard Technologies Firebox™ System 4.6 manual