WatchGuard Technologies V10.0 manual Terminating IPSec connections, Global VPN settings

Additional Mobile VPN Topics

Terminating IPSec connections

To fully stop VPN connections, the Firebox must be restarted. Removing the IPSec policy does not stop current connections.

Global VPN settings

Global VPN settings on your Firebox apply to all manual BOVPN tunnels, managed tunnels, and Mobile VPN tunnels. You can use these settings to:

•Enable IPSec pass-through.

•Clear or maintain the settings of packets with Type of Service (TOS) bits set.

•Use an LDAP server to verify certificates.

To change these settings, from Policy Manager, select VPN > VPN Settings. For more information on these settings, see the Basic Configuration Setup chapter in the WatchGuard System Manager User Guide.

Seeing the number of Mobile VPN licenses

To see the number of Mobile VPN licenses that are installed, from Policy Manager, select

Setup > Feature Keys. From the Firebox Feature Keys dialog box, click Active Features. Scroll down to the value MUVPN_USERS and look at the number in the Capacity column. This is the number of installed Mobile VPN licenses.

Purchasing additional Mobile VPN licenses

WatchGuard Mobile VPN with IPSec is an optional feature. Each Firebox X device includes a number of Mobile VPN licenses. You can purchase more licenses for Mobile VPN.

Licenses are available through your local reseller or at:

http://www.watchguard.com/sales

Adding feature keys

For information on adding feature keys, see “Working with Feature Keys” in the WatchGuard System Manager User Guide.

Mobile VPN and VPN failover

You can configure VPN tunnels to fail over to a backup endpoint if the primary endpoint becomes unavailable. For more information on VPN failover, see the WatchGuard System Manager User Guide.

If VPN failover is configured and failover occurs, Mobile VPN sessions do not continue. You must authenticate your Mobile VPN client again to make a new Mobile VPN tunnel.

To configure VPN failover for Mobile VPN tunnels, on the General tab of the Edit MUVPN Extended Authentication Group dialog box, enter a backup WAN interface in the Backup field in the Firebox IP box. You can specify only one backup interface for tunnels to fail over to, even if you have additional WAN interfaces.