
Watchguard Firebox SOHO 6 Client Manual

Muvpn clients guide

WatchGuard® Firebox® SOHO 6 MUVPN Clients Guide, SOHO 6.1


  Summary of Contents for Watchguard Firebox SOHO 6

  • Page 1 WatchGuard Firebox SOHO 6 ® ® MUVPN Clients Guide SOHO 6.1...
  • Page 2 Using this Guide To use this guide you need to be familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used in this guide. Convention Bold type NOTE...
  • Page 3 No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc. Copyright, Trademark, and Patent Information Copyright©...
  • Page 4 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
  • Page 5 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Page 6 "This product includes software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/)." 4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com.
  • Page 7 5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  • Page 8 viii MUVPN Client...
  • Page 9: Table Of Contents

    Contents CHAPTER 1 Redeem your SOHO 6 Upgrade Options Configure the SOHO 6 for MUVPN Clients CHAPTER 2 Prepare the Remote Computers System requirements Windows 98/ME operating system setup Windows NT operating system setup Windows 2000 operating system setup Windows XP operating system setup...
  • Page 10 The Connection Monitor CHAPTER 3 ZoneAlarm Features Allowing Traffic through ZoneAlarm Shutting Down ZoneAlarm Uninstalling ZoneAlarm CHAPTER 4 My computer is hung up just after installing the I have to enter my network log in information even when I’m not I am not prompted for my user name and password when I turn my Is the Mobile User VPN tunnel is working...
  • Page 11: Configure The Soho 6

    Virtual Private Network (VPN) other than the MUVPN client. This VPN option can be added to the SOHO 6, while the SOHO 6tc comes with the VPN option already installed and is used to create a Branch Office VPN tunnel between two IPSec compliant devices allowing data from an entire network rather than a single remote user.
  • Page 12 CHAPTER 1: Configure the SOHO 6 For information on registering your SOHO 6 with the LiveSecurity Service, see “Register your SOHO 6 and Activate the LiveSecurity Service” in the Firebox SOHO 6 User Guide. Follow these steps to redeem your upgrade option license key: With your Web browser, go to: Click the LiveSecurity link at the top of the page and log into the site.
  • Page 13: Configure The Soho 6 For Muvpn Clients

    Configure the SOHO 6 for MUVPN Clients Follow these steps to configure your SOHO 6: With your Web browser, go to the System Status page using the Trusted IP address of the SOHO 6. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the right side, select VPN =>...
  • Page 14 This passphrase will be used as the Pre-Shared Key when setting up the MUVPN client. In our example, pL4n3phr34k Enter the Virtual IP address which will be used by the MUVPN computer when connecting to the SOHO 6 in the appropriate field. In our example, 192.168.111.4. Select the Authentication Algorithm.
  • Page 15: Chapter 2 Preparation, Installation, And Connection

    MUVPN client to provide further security for your end users. The purpose of this guide is to assist users of the SOHO 6 to set up the MUVPN client on an end-user’s remote computer and to explain the features of the personal firewall.
  • Page 16: Prepare The Remote Computers

    CHAPTER 2: Preparation, Installation, and Connection Prepare the Remote Computers The MUVPN client is only compatible with the Windows operating system. Every Windows system used as a MUVPN remote computer must have the following system requirements. System requirements • PC-compatible computer with Pentium processor or equivalent •...
  • Page 17: Windows 98/Me Operating System Setup

    Windows 98/ME operating system setup The following networking components must be configured and installed on a remote computer running Windows 98/ME in order for the MUVPN client to function properly. Configuring networking names From the Windows desktop: Select Start => Settings => Control Panel. Double-click the Network icon.
  • Page 18 CHAPTER 2: Preparation, Installation, and Connection In the Windows NT Domain field, type the domain name. For example, your domains might be sales, office, and warehouse. Enable the Logon and Restore Network Connections option. Installing Dial-Up Networking The Mobile User VPN Adapter, which supports L2TP, installs only if Dial-up Networking is already installed on your computer.
  • Page 19: Windows Nt Operating System Setup

    Under the “DNS Server Search Order” heading, enter your DNS server IP address, then click the Add button. If you have multiple remote DNS servers repeat this step. must first. Click the WINS Configuration tab. Verify that the Enable WINS Resolution option has been enabled. Under the “WINS Server Search Order”...
  • Page 20 CHAPTER 2: Preparation, Installation, and Connection Enter the path to the Windows NT install files or insert your system installation CD, then click the OK button. The Remote Access Setup dialog box appears. Click the Yes button to add a RAS capable device and enable you to add a modem.
  • Page 21: Windows 2000 Operating System Setup

    must first. Click the WINS Address tab. Enter your WINS server IP address in the appropriate field, then click the OK button. If you have multiple remote WINS servers repeat this step. Click the Close button to close the Network window. The Network Settings Change dialog box appears.
  • Page 22 CHAPTER 2: Preparation, Installation, and Connection Click the Properties button. Select the Networking tab and then click the Install button. The Select Network Component Type window appears. Double click the Protocol network component. The Select Network Protocol window appears. Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
  • Page 23 Click the Cancel button to close the Dial-up connection window. Configuring the WINS and DNS settings You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox. From the Windows desktop: Select Start =>...
  • Page 24: Windows Xp Operating System Setup

    CHAPTER 2: Preparation, Installation, and Connection 13 Under the “WINS addresses, in order of use” heading, click the Add button. The TCP/IP WINS Server window appears. 14 Enter your WINS server IP address in the appropriate field, then click the Add button. If you have multiple remote DNS servers repeat the last two steps.
  • Page 25 Click the Properties button. Select the Networking tab and then click the Install button. The Select Network Component Type window appears. Double click the Protocol network component. The Select Network Protocol window appears. Select the Internet Protocol (TCP/IP) Network Protocol and then click the OK button.
  • Page 26 CHAPTER 2: Preparation, Installation, and Connection Click the Cancel button to close the Dial-up connection window. Configuring the WINS and DNS settings You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox. From the Windows desktop: Select Start =>...
  • Page 27: Install The Muvpn Client

    18 Click the Cancel button again to close the Dial-up connection window. Install the MUVPN Client Install the SOHO 6 MUVPN client software on each remote computer. The MUVPN installation files are available at the WatchGuard Web site: http://www.watchguard.com/support The installation process consists of two parts: installing the client software on the remote computer and configuring the client.
  • Page 28 An Information dialog box appears. 12 Click the OK button to continue with the installation. 13 The InstallShield Wizard has completed the install of the SOHO 6 MUVPN client, verify that the option Yes, I want to restart my computer now is enabled and click the Finish button.
  • Page 29: Configuring The Muvpn Client

    Configuring the MUVPN Client Once you have restarted the machine, the WatchGuard Policy Import dialog box appears. Click the Cancel button as this step is not necessary. From the Windows desktop system tray: Right-click on the Mobile User VPN client icon.
  • Page 30 Tunnel from the drop list. From the ID Type drop list, select IP Address. 10 Enter the External IP Address of the SOHO 6 in the appropriate field. In our example, 206.253.208.100. 11 From the Network Security Policy on the left, expand New Connection.
  • Page 31 15 Click the Pre-Shared Key button. The Pre-Shared Key window appears. 16 Click the Enter Key button. 17 Enter the same Passphrase configured on the SOHO 6 in the appropriate field. In our example, pL4n3phr34k. 18 From the Select Certificate drop list, verify that None has been selected.
  • Page 32 The “Hash Alg” setting refers to the “Authentication Algorithm” and the “Encrypt Alg” setting refers to the “Encryption Algorithm” settings on the SOHO 6. In our example, Triple DES and MD5. These two settings must exactly match those on the SOHO 6 or the connection will fail. MUVPN Client...
  • Page 33: Uninstall The Muvpn Client

    26 Select File => Save Changes. Uninstall the MUVPN client At some point, it may become necessary to completely uninstall the MUVPN client. WatchGuard recommends a complete uninstall using the Windows Add/Remove Programs tool. First, disconnect all existing tunnels and dial-up connections and reboot the remote computer.
  • Page 34: Connect And Disconnect The Muvpn Client

    “The Mobile User VPN client icon”. Then, from the Windows desktop: Select Start => Programs => Mobile User VPN => Connect. The WatchGuard Mobile User Connect window appears. Click the Yes button. The Mobile User VPN client icon The Mobile User VPN icon exists in the Windows desktop system tray and displays several different status images.
  • Page 35 service properly and the remote computer must be restarted (if this continues you may need to reinstall the MUVPN client). Activated The MUVPN client is ready to establish a secure, MUVPN tunnel connection. Activated and Transmitting Unsecured Data The MUVPN client is ready to establish a secure, MUVPN tunnel connection.
  • Page 36: Allowing The Muvpn Client Through The Personal Firewall

    CHAPTER 2: Preparation, Installation, and Connection The MUVPN client has established at least one secure, MUVPN tunnel connection. The red and green bars on the right of the icon indicate that the client is transmitting both secured and unsecured data. Allowing the MUVPN client through the personal firewall There are a couple of programs associated with the MUVPN client, which you must allow through the personal firewall in order to establish the...
  • Page 37: Disconnecting The Muvpn Client

    The New Program alert dialog box appears requesting access for the IreIKE.exe program. Enable the Remember this answer the next time I use this program option and click the Yes button. This enables ZoneAlarm to allow the IreIKE.exe program through each time you attempt to make a MUVPN connection.
  • Page 38: The Log Viewer

    CHAPTER 2: Preparation, Installation, and Connection The Log Viewer The LogViewer displays the communications log, a diagnostic tool that lists the negotiations that occur during the MUVPN client connection. From the Windows desktop system tray: Right-click the Mobile User VPN client icon. Select Log Viewer.
  • Page 39 An icon appears to the left of the connection name: • SA indicates that the connection has only a Phase 1 IKE SA. This occurs when connecting to a secure gateway tunnel or when a Phase 2 IPSec SA fails to establish or has not been established yet. •...
  • Page 40 CHAPTER 2: Preparation, Installation, and Connection MUVPN Client...
  • Page 41: Chapter 3 The Zonealarm Personal Firewall

    The ZoneAlarm Personal CHAPTER 3 Firewall A personal firewall is a barrier between your computer and the outside world. The computer is most vulnerable at its doors, called ports. Without ports, no connection to the Internet is possible. ZoneAlarm protects these ports by following a simple rule: Block all incoming and outgoing traffic unless you explicitly allow it for trusted programs.
  • Page 42: Zonealarm Features

    CHAPTER 3: The ZoneAlarm Personal Firewall This alert appears whenever one of your programs (in this example, Internet Explorer) attempts to access the Internet or your local network. This powerful feature means no information leaves your computer unless you give it permission. If you enable the “Remember the answer each time I use this program”...
  • Page 43 In the example above, the Internet Explorer Web browser application has been launched and is attempting to access the user's home page. The program which actually needs to pass through the firewall is “IEXPLORE.EXE”. In order to allow this program access each time the application is executed, enable the Remember the answer each time I use this program checkbox.
  • Page 44: Shutting Down Zonealarm

    CHAPTER 3: The ZoneAlarm Personal Firewall Shutting Down ZoneAlarm From the Windows desktop system tray: Right-click on the ZoneAlarm icon ZoneAlarm. The ZoneAlarm dialog box appears. Click the Yes button when prompted to quit ZoneAlarm. Uninstalling ZoneAlarm From the Windows desktop: Select Start =>...
  • Page 45 ZoneAlarm Features The Install window appears and prompts you to restart the computer. Click the OK button to reboot your system. MUVPN Client Guide...
  • Page 46 CHAPTER 3: The ZoneAlarm Personal Firewall MUVPN Client...
  • Page 47: Chapter 4 Troubleshooting Tips

    Troubleshooting Tips CHAPTER 4 WatchGuard maintains a knowledge base on our Web site, including an In-Depth FAQ section on configuring and using the MUVPN client. This is available at: www.watchguard.com/support A few of the most common issues found in installing, configuring, and using the MUVPN client are described below.
  • Page 48: I Have To Enter My Network Log In Information Even When I'm Not Connected To The Network

    CHAPTER 4: Troubleshooting Tips Select Disconnect All. The MUVPN client closes all VPN tunnels. Right-click on the Mobile User VPN client icon and select Deactivate Security Policy. The MUVPN icon will display a red slash to indicate that the Security Policy has been deactivated.
  • Page 49: My Mapped Drives Have A Red X Through Them

    • Select Start => Run. Type your company network. My mapped drives have a red X through them... Windows 98/ME, NT, and 2000 verify and map network drives automatically when the computer starts. Because there is no way for you to establish a remote session with the company network before the computer actually starts, drive mapping fails during the boot process and a red X appears on the drive icon.
  • Page 50: It Takes A Really Long Time To Shut Down The Computer After Using Mobile User Vpn

    CHAPTER 4: Troubleshooting Tips It takes a really long time to shut down the computer after using Mobile User VPN... If you open and browse a mapped network drive during a MUVPN session, the Windows operating system waits for a signal from the times out and completes the shut down cycle.