WatchGuard Firebox System 4.6 User Guide
Configuring WatchGuard VPN

• Watch for log entries as the Firebox reboots that show local and remote VPN IP addresses.
• Check the Firebox status once it has booted. There should be an entry for a VPN interface directly following the entry for eth2.
• Check the Control Center display for tunnel status.

If none of these indicators is present, review all settings on both Fireboxes, double-check that the passphrases are the same, and verify the remote IP addresses.

CHAPTER 18
Configuring the Firebox for Remote User VPN

Remote user virtual private networking (RUVPN) establishes a secure connection between an unsecured remote host and a protected network over an unsecured network. RUVPN connects an employee on the road or working from home to trusted and optional networks behind a Firebox using a standard Internet dial-up connection without compromising security.

WatchGuard Firebox System offers two types of RUVPN:

Remote User PPTP
Uses the Point-to-Point Tunneling Protocol. This type of RUVPN is included with the basic WatchGuard package and supports up to 50 concurrent sessions per Firebox. Works with any Firebox encryption level.

Mobile User VPN
Uses Internet Protocol Security. This type of RUVPN is an optional feature of the WatchGuard package. It requires strong or medium encryption.

RUVPN requires configuration of both the Firebox and the end-user remote host computers. This section describes how to configure a Firebox for both types of RUVPN. For information on configuring the remote host, see “Preparing a Host for Remote User VPN” on page 141.

Remote User PPTP and Mobile User VPN require that the Management Station be upgraded to either medium or strong encryption level. The medium and strong encryption upgrade files are available to eligible users on the LiveSecurity Service Web site at http://www.watchguard.com/support.

Configuration checklist

Before configuring a Firebox to use remote user virtual private networking (RUVPN), gather the following information:

• The IP addresses to assign to the remote client during RUVPN sessions. The IP addresses cannot be addresses currently in use in the network.