Configuring The Firebox For Remote User Pptp - Watchguard Firebox FireboxTM System 4.6 User Manual

Watchguard firebox system user guide
- From: Selected
- To: pptp_users or ipsec_users
Configuring the Firebox for Remote User PPTP
Configuring the Firebox for Remote User PPTP requires that you perform the
following:
• Enter IP addresses and networks used for clients
• Add usernames to the built-in Firebox User group pptp_users
• Activate the Remote User PPTP feature
• Configure service properties using pptp_users
• Verify WINS and DNS server settings
Activating Remote User PPTP
If you want to set up RUVPN for users behind a Firebox (connecting to
another Firebox), they must be on a public subnet, and the wg_pptp service
icon must be added in the Services Arena. Alternatively, create a BOVPN tunnel.
The first step to configuring Remote User PPTP is to activate the feature. Activating
Remote User PPTP adds the wg_pptp service icon to the Services Arena. The icon is
visible only in the Advanced view of Policy Manager. The wg_pptp icon rarely
requires modification. WatchGuard recommends leaving wg_pptp in its default
settings. From Policy Manager:
1. Select Network => Remote User. Click the PPTP tab.
2. Enable the Activate Remote User checkbox.
3. If necessary, enable the Enable Drop from 128-bit to 40-bit checkbox.
   In general, the encryption drop control is used only by international customers.
Entering IP addresses for Remote User sessions
Remote User PPTP supports only 50 concurrent sessions, but you can configure a
virtually unlimited number of client computers. The Firebox dynamically assigns an
open IP address to each incoming RUVPN session from a pool of available addresses
until this number is reached. After the user closes a session, the address reverts to the
available pool and can be assigned to the next user who attempts to log on.
Use Policy Manager to assign individual addresses or a single network to the
available pool. The safest method is to fabricate a Secondary Network address (see
"Adding a secondary network" on page 38) and choose the IP addresses from that
network range. That way, you draw from a range of addresses already declared to
Policy Manager, but which cannot clash with real host addresses in use behind the
Firebox. Using this method, you must also configure the client machine to use the
default gateway on the remote host (see "Configuring the remote host for RUVPN
with PPTP" on page 145).
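The pool rules above can be checked before the addresses are entered in Policy Manager. The following is an added example, not part of the WatchGuard manual: the function names and the sample addresses are assumptions, and the check for network and broadcast addresses is a general addition beyond what the manual states.

```python
import ipaddress

MAX_SESSIONS = 50  # concurrent Remote User PPTP sessions, per the manual


def expand_pool(entries):
    """Expand pool entries (single addresses or CIDR networks) to host addresses."""
    hosts = set()
    for entry in entries:
        if "/" in entry:
            hosts.update(ipaddress.ip_network(entry).hosts())
        else:
            hosts.add(ipaddress.ip_address(entry))
    return hosts


def check_pptp_pool(entries, secondary_net, real_nets):
    """Return (problems, usable_sessions) for a proposed PPTP address pool."""
    secondary = ipaddress.ip_network(secondary_net)
    pool = expand_pool(entries)
    problems = []

    # The secondary network must not overlap any network with real hosts.
    for net in map(ipaddress.ip_network, real_nets):
        if secondary.overlaps(net):
            problems.append(f"secondary network {secondary} overlaps real network {net}")
        clashes = [a for a in pool if a in net]
        if clashes:
            problems.append(f"{len(clashes)} pool address(es) fall inside real network {net}")

    # Every pool address should come from the declared secondary network.
    outside = sorted(a for a in pool if a not in secondary)
    if outside:
        problems.append(f"{len(outside)} pool address(es) outside {secondary}: first is {outside[0]}")

    # Network and broadcast addresses are not assignable to a client.
    for reserved in (secondary.network_address, secondary.broadcast_address):
        if reserved in pool:
            problems.append(f"{reserved} is reserved in {secondary}")

    if len(pool) < MAX_SESSIONS:
        problems.append(f"pool has {len(pool)} addresses, fewer than the {MAX_SESSIONS}-session limit")

    return problems, min(len(pool), MAX_SESSIONS)


# Constructed sample values (not from the manual).
GOOD = check_pptp_pool(["192.168.50.0/26"], "192.168.50.0/24", ["10.0.1.0/24"])
BAD = check_pptp_pool(["10.0.1.200", "192.168.50.255"], "192.168.50.0/24", ["10.0.1.0/24"])
```

An empty problem list means the pool is drawn entirely from the secondary network and cannot collide with hosts on the listed real networks.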