User Guide
139
Configuring the Firebox for Mobile User VPN
10 Use the
Encryption
drop list to select an encryption method.
Options available with the strong encryption version of WatchGuard Firebox System include:
None (no encryption), DES-CBC (56-bit), and 3DES-CBC (168-bit).
11 Click
Next
. Click
Finish
.
The wizard closes and the username appears in the Remote User VPN Setup dialog box on the
Mobile User tab Users list.
12 Click
OK
.
Modifying an existing Mobile User VPN entry
Use the Mobile User VPN wizard to generate a new
.exp
file every time you want to
change the end-user configuration file. Reasons to change an end-user configuration
include:
• Modifying the shared key
• Adding access to additional hosts or networks
• Restricting access to a single destination port, source port, or protocol
• Modifying the encryption or authentication parameters
From Policy Manager:
1
Select
Network => Remote User
.
2
In the
Users
list on the
Mobile User VPN
tab, click the username.
3
Click
Edit
.
The Mobile User VPN wizard appears, displaying the User Name and Pass Phrase form.
4
Use
Next
to step through the wizard, reconfiguring the end-user configuration
according to your security policy preferences.
5
To add access to a new network or host, proceed to the Multiple Policy
Configuration step in the Mobile User VPN wizard. Click
Add
.
You can also use the Multiple Policy Configuration step to change the virtual IP address
assigned to the remote user.
6
Use the drop list to select
Network
or
Host
. Type the IP address. Use the
Dst Port
,
Protocol
, and
Src Port
options to restrict access. Click
OK
.
The new IP address appears in the Configured Policies list.
7
Step completely through the wizard until the final screen. Click
Finish
.
You must click Finish to ensure that the wizard creates a new
.exp
file and writes the modified
settings to the Firebox configuration file.
8
Click
OK
.
Saving the configuration to a Firebox
To activate new Mobile User configuration settings, you must save the configuration
file to the primary area of the Firebox flash disk. For instructions, see “Saving a
configuration to the Firebox” on page 24.
Distributing the software and configuration files
WatchGuard recommends distributing end-user configuration files on a floppy disk
or by encrypted e-mail. Each client machine needs the following:
• Remote client installation package
Summary of Contents for Firebox FireboxTM System 4.6
Page 1: ...WatchGuard Firebox System User Guide Firebox System 4 6 ...
Page 16: ...6 ...
Page 20: ...LiveSecurity broadcasts 10 ...
Page 44: ...LiveSecurity Event Processor 34 ...
Page 52: ...Defining a Firebox as a DHCP server 42 ...
Page 68: ...Service precedence 58 ...
Page 78: ...Configuring a service for incoming static NAT 68 ...
Page 92: ...Establishing an OOB connection 82 ...
Page 94: ...84 ...
Page 112: ...HostWatch 102 ...
Page 118: ...Working with log files 108 ...
Page 130: ...120 ...
Page 158: ...Configuring debugging options 148 ...