Enable Mobile Vpn For A Group - Watchguard Firebox X15 User Manual

10. Select Mobile User in the VPN Client Type drop-down list. This selection is required if you use a
Windows desktop, laptop, or handheld PC.
11. Select the All traffic uses tunnel (0.0.0.0/0 IP Subnet) check box if the remote client sends all its
traffic (including usual web traffic) through the VPN tunnel to the Firebox X Edge. This can also let the
Mobile VPN client connect with other networks that the Edge connects to.
If you do not select this check box, the remote user can connect with only the Firebox X Edge trusted
network. You must select this check box for a remote user to connect to:
o Networks on the other side of a Branch Office VPN tunnel that the Edge has connected.
o Computers on the Edge's optional network.
o Networks that are behind a static route on the trusted or optional interface.
12. Click Submit.

Enable Mobile VPN for a group

1. To connect to the Edge System Status page, type
address of the Firebox X Edge trusted interface.
The default URL is: https://192.168.111.1
2. To add a new Firebox user group, select Firebox Users > New Group.
You can also edit the properties of an existing group. Go to the main Firebox User page and find the name of the
group you want to edit.
3. On the Settings tab, type an Account Name for the group. If you are using LDAP or RADIUS
authentication the Account Name must be identical to the group name on the authentication server.
The Description field is optional.
4. Click the MOVPN tab.
5. Select the Enable Mobile VPN with IPSec for this account check box.
6. Type a shared key in the Shared key field.
The .wgx file is encrypted with this shared key. Do not give the shared key to any user that is not part
of this group.
7. If necessary, change the Authentication Algorithm or Encryption Algorithm settings.
8. Set Mobile VPN key expiration in kilobytes and/or hours. The default values are 8192 KB and 24 hours.
To remove a size and/or time expiration, set the value to zero (0).
9. Select the Clear type of service (TOS) check box if you want the Edge to remove the TOS bit setting from
packets that go through the VPN tunnel
10. Select the All traffic uses tunnel (0.0.0.0/0 IP Subnet) check box if the remote client sends all its
traffic (including usual web traffic) through the VPN tunnel to the Firebox X Edge. This can also let the
Mobile VPN client connect with other networks that the Edge connects to.
If you do not select this check box, the remote user can connect with only the Firebox X Edge trusted
network. You must select this check box for a remote user to connect to:
o Networks on the other side of a Branch Office VPN tunnel that the Edge has connected.
o Computers on the Edge's optional network.
o Networks that are behind a static route on the trusted or optional interface.
11. Type a starting and ending IP address in the Virtual IP address range text boxes. The virtual
IP addresses must be IP addresses on the Firebox X Edge trusted or optional network that are not used
and are not included within any range of DHCP addresses assigned by the Edge. These IP addresses are
used by remote computers to connect to the Firebox X Edge.
12. Click Submit.
User Guide
About Mobile VPN with IPSec
in the browser address bar, and the IP
https://
273