WatchGuard Firebox System 4.6 User Guide


watchguard.com
13.07.2015

Installing a VPN adapter on Windows NT

From the Windows NT Desktop of the remote host:

1. Double-click My Computer.
2. Double-click Dial-Up Networking.
   If you have not already configured an entry, Windows guides you through the creation of a dial-up configuration. When it prompts for a phone number, enter the host name or IP address of the Firebox. When complete, you should see a Dial-Up Networking dialog box with the default button Dial.
3. Select New to make a new connection. If you are prompted to use the wizard, enter a friendly connection name and enable the I Know All About checkbox.
   The connection name used in the WatchGuard client brochures included on the WatchGuard NOC Security Suite installation CD-ROM is “Connect to RUVPN.”
4. Under the Basic tab, configure the following settings:
   - Phone Number: Firebox IP address
   - Entry Name: Connect to RUVPN (or your preferred alternative)
   - Dial Using: RASPPTPM (VPN1) adapter
   - Use Another Port if Busy: enabled
5. Click the Server tab. Configure the following settings:
   - PPP: Windows NT, Windows 95 Plus, Internet
   - TCP/IP: enabled
   - Enable Software Compression: enabled
6. Click the Security tab. Configure the following settings:
   - Accept Only Microsoft Encrypted Authentication: enabled
   - Require Data Encryption: enabled
7. Click OK.

Using Remote User PPTP

Using Remote User PPTP is a two-step process. First, the remote host establishes a connection to the ISP. It then uses the VPN adapter to create a PPTP tunnel to the Firebox.

Starting Remote User PPTP

The connect process is identical regardless of the Windows platform. From the Windows Desktop:

1. Establish an Internet connection through either Dial-Up Networking or directly through a LAN or WAN.
2. Double-click My Computer. Double-click Dial-Up Networking.
3. Double-click the RUVPN connection.
   If you configured the client computer as described in “Windows 95/98 platform preparation” on page 142, double-click Connect with RUVPN.

4. Enter the remote client username and password.
   These are assigned when you add the user to the pptp_users group. See “Using Remote User PPTP” on page 146.
5. Click Connect.

Running Remote User PPTP

When first starting the remote host (before connecting to the ISP or to the Firebox), the user may be prompted for a name, password, and possibly even a domain. These values are what Windows assumes the remote host uses to connect to the network behind the Firebox. However, if Windows finds a discrepancy, it displays a login prompt for the network with the name, password, and domain that would be used if the remote host were at an office connecting directly to the LAN.

Remote User PPTP is usually set up such that the remote machines use nonpublic IP addresses from the range used behind a Firebox. If the “Use Default Gateway on Remote Network” parameter is enabled, and you try to browse the Internet during a Remote User PPTP session, the Firebox transmits the private address as the source IP address in the packet header. Because the remote host was assigned an address from a private address pool, a public Web site will not know how to route the return traffic, and will ignore your request. Therefore, browse the Internet before or after you are connected to the Firebox, but not during a Remote User PPTP session.

If simultaneous access to the Internet and a private network is required, contact WatchGuard Support for alternative solutions.

Configuring debugging options

WatchGuard offers a selection of debugging options that you can set to gather information and help with future troubleshooting.

For information on how to enable logging for IPSec, see “Debugging Mobile User VPN” on page 140. For information on how to enable logging for PPTP, see “Debugging Remote User VPN (PPTP)” on page 140.
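The routing behaviour described under “Running Remote User PPTP” can be modelled as a route lookup on the remote host. The following is an added example, not part of the WatchGuard guide; the addresses, the simplified route table, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the guide).
ISP_ADDR = "203.0.113.25"       # public address the ISP gave the remote host
TUNNEL_ADDR = "192.168.1.200"   # private address assigned for the PPTP session
FIREBOX_EXT = "198.51.100.1"    # Firebox external interface
TRUSTED_NET = "192.168.1.0/24"  # network behind the Firebox

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SOURCE_BY_IFACE = {"isp": ISP_ADDR, "pptp": TUNNEL_ADDR}


def client_routes(use_remote_gateway):
    """Simplified route table of the remote host while the tunnel is up."""
    routes = [
        ("0.0.0.0/0", "isp", 2),         # ordinary Internet default route
        (FIREBOX_EXT + "/32", "isp", 1),  # the tunnel itself rides the ISP link
        (TRUSTED_NET, "pptp", 1),         # network behind the Firebox
    ]
    if use_remote_gateway:
        # "Use Default Gateway on Remote Network": preferred default via tunnel
        routes.append(("0.0.0.0/0", "pptp", 1))
    return [(ipaddress.ip_network(n), i, m) for n, i, m in routes]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def trace(dest, use_remote_gateway):
    """Pick the route (longest prefix, then lowest metric) and source address."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in client_routes(use_remote_gateway) if ip in r[0]]
    _, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    src = SOURCE_BY_IFACE[iface]
    # A public destination can only answer a publicly routable source.
    reply_returns = is_private(dest) or not is_private(src)
    return {"iface": iface, "source": src, "reply_returns": reply_returns}


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, trace("192.0.2.80", flag))  # constructed public Web site
```

With the parameter enabled, traffic to the public site leaves through the tunnel with the private source address and the reply cannot return; with it disabled, the same request uses the ISP address while the network behind the Firebox stays reachable through the tunnel.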

