WatchGuard Firebox System 4.6 User Guide


Publisher: watchguard.com
Date: 13.07.2015

Configuring the Firebox for Mobile User VPN

Entering license keys

The first step in configuring the Firebox for Mobile User VPN is to enter the license key(s) into the Firebox configuration file. The Firebox automatically restricts the number of Mobile User VPN connections to the sum of the number of seats each license key provides.

From Policy Manager:

1 Select Network => Remote User. Click the Mobile User Licenses tab.
2 Enter the license key in the text field to the left of the Add button. Click Add.
  The license key appears in the list of client licenses configured for use with the Firebox. Repeat the add-license process until you have added all of your keys.

Preparing Mobile User VPN configuration files

With Mobile User VPN, the network security administrator controls end-user configuration settings. Use Policy Manager to define an end-user and generate a configuration file with the extension .exp. The .exp file contains the shared key, user identification, IP addresses, and settings required to create a secure tunnel between the remote computer and the Firebox.

Defining a new mobile user

From Policy Manager:

1 Select Network => Remote User. Click the Mobile User VPN tab.
2 Click Add.
  The Mobile User VPN wizard appears.
3 Click Next.
4 Use the Select User Name drop list to select a user.
  The only names that appear in the drop list are users who have not already been configured for Mobile User VPN. To add a new user, click Add New. For more information on adding a new user, see “Adding a member to built-in RUVPN user groups” on page 134.
5 Enter the shared key.
  The shared key is not the same as the Firebox Users authentication password. However, you can enter the same value for both the key and the password.
6 Click Next.
  The Allowed Resource and Virtual IP Address form appears. By default, the IP address of the Trusted network appears in the Allow User Access To field. This provides the Mobile User VPN user with access to the Trusted network.
7 Enter the end-user virtual IP address. Click Next.
8 Use the Type drop list to select an encryption method.
  Options include: ESP (Encapsulated Security Protocol) and/or AH (Authenticated Headers) or AH Only.
9 Use the Authentication drop list to select an authentication method.
  Options include: None (no authentication), MD5-HMAC (128-bit algorithm), or SHA1-HMAC (160-bit algorithm).
10 Use the Encryption drop list to select an encryption method.
  Options available with the strong encryption version of WatchGuard Firebox System include: None (no encryption), DES-CBC (56-bit), and 3DES-CBC (168-bit).
11 Click Next. Click Finish.
  The wizard closes and the username appears in the Remote User VPN Setup dialog box on the Mobile User tab Users list.
12 Click OK.
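The Type, Authentication and Encryption choices in steps 8 to 10 decide how much protection each user's tunnel gets, so it is worth reviewing them per user before distributing .exp files. The following check is an added example, not WatchGuard code: the option names and bit sizes come from the steps above, while the dictionary layout, the "ESP" / "AH Only" type labels, the severity levels and the audit_muvpn_profile name are assumptions made for illustration.

```python
# Added example: option names and sizes are the ones listed in the wizard steps;
# the profile layout and function name are hypothetical.
AUTH_BITS = {"None": 0, "MD5-HMAC": 128, "SHA1-HMAC": 160}
ENC_BITS = {"None": 0, "DES-CBC": 56, "3DES-CBC": 168}
TUNNEL_TYPES = ("ESP", "AH Only")


def audit_muvpn_profile(profile):
    """Return a list of (severity, message) findings for one user's choices."""
    ttype = profile["type"]
    auth = profile["authentication"]
    enc = profile["encryption"]
    if ttype not in TUNNEL_TYPES or auth not in AUTH_BITS or enc not in ENC_BITS:
        raise ValueError(f"unknown option in profile for {profile.get('user')!r}")

    findings = []
    if auth == "None":
        findings.append(("high", "no authentication: modified packets are not detected"))
    elif auth == "MD5-HMAC":
        findings.append(("low", "MD5-HMAC (128-bit) chosen; SHA1-HMAC (160-bit) "
                                "is the stronger listed option"))

    if ttype == "AH Only":
        # AH authenticates packets but never encrypts the payload.
        findings.append(("high", "AH Only: traffic crosses the tunnel unencrypted"))
    elif enc == "None":
        findings.append(("high", "no encryption: traffic crosses the tunnel unencrypted"))
    elif enc == "DES-CBC":
        findings.append(("medium", "DES-CBC has a 56-bit key; 3DES-CBC (168-bit) "
                                   "is the stronger listed option"))
    return findings


# Constructed sample profiles, not taken from any real configuration.
SAMPLE_PROFILES = [
    {"user": "alice", "type": "ESP", "authentication": "SHA1-HMAC", "encryption": "3DES-CBC"},
    {"user": "bob", "type": "ESP", "authentication": "MD5-HMAC", "encryption": "DES-CBC"},
    {"user": "carol", "type": "AH Only", "authentication": "None", "encryption": "None"},
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        results = audit_muvpn_profile(p)
        print(p["user"], "OK" if not results else results)
```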

Modifying an existing Mobile User VPN entry

Use the Mobile User VPN wizard to generate a new .exp file every time you want to change the end-user configuration file. Reasons to change an end-user configuration include:

• Modifying the shared key
• Adding access to additional hosts or networks
• Restricting access to a single destination port, source port, or protocol
• Modifying the encryption or authentication parameters

From Policy Manager:

1 Select Network => Remote User.
2 In the Users list on the Mobile User VPN tab, click the username.
3 Click Edit.
  The Mobile User VPN wizard appears, displaying the User Name and Pass Phrase form.
4 Use Next to step through the wizard, reconfiguring the end-user configuration according to your security policy preferences.
5 To add access to a new network or host, proceed to the Multiple Policy Configuration step in the Mobile User VPN wizard. Click Add.
  You can also use the Multiple Policy Configuration step to change the virtual IP address assigned to the remote user.
6 Use the drop list to select Network or Host. Type the IP address. Use the Dst Port, Protocol, and Src Port options to restrict access. Click OK.
  The new IP address appears in the Configured Policies list.
7 Step completely through the wizard until the final screen. Click Finish.
  You must click Finish to ensure that the wizard creates a new .exp file and writes the modified settings to the Firebox configuration file.
8 Click OK.

Saving the configuration to a Firebox

To activate new Mobile User configuration settings, you must save the configuration file to the primary area of the Firebox flash disk. For instructions, see “Saving a configuration to the Firebox” on page 24.

Distributing the software and configuration files

WatchGuard recommends distributing end-user configuration files on a floppy disk or by encrypted e-mail. Each client machine needs the following:

• Remote client installation package
  The packages are located on the WatchGuard LiveSecurity Service Web site at http://www.watchguard.com/support. Enter the Service Web site using your LiveSecurity username and password. Click the Mobile User VPN link.
• .exp end-user configuration file
