Enable The Link Firewall - Watchguard Firebox X15 User Manual

About Mobile VPN with IPSec
Secure your computer with the Mobile VPN firewall
The WatchGuard Mobile VPN with IPSec client includes two firewall components:
Link firewall
The link firewall is not enabled by default. When the link firewall is enabled, your computer will
discard any packets received from other computers. You can choose to enable the link firewall only
when a Mobile VPN tunnel is active, or enable it all the time.
Desktop firewall
This full-featured firewall can control connections to and from your computer. You can define friendly
networks and set access rules separately for friendly and unknown networks.

Enable the link firewall

When the link firewall is enabled, the Mobile VPN client software drops any packets sent to your computer
from other hosts. It allows only packets sent to your computer in response to packets your computer sends.
For example, if you send a request to an HTTP server through the tunnel from your computer, the reply traffic
from the HTTP server is allowed. If a host tries to send an HTTP request to your computer through the tunnel,
it is denied.
To enable the link firewall:
1. From the WatchGuard Mobile VPN Connection Monitor, select Configuration > Profile Settings.
2. Select the profile you want to enable the link firewall for and select Configure.
3. From the left pane, select Link Firewall.
4. From the Stateful Inspection drop-down list, select when connected or always. If you select when
connected, the link firewall operates only when the VPN tunnel is active for this profile.
If you select always, the link firewall is always active, whether the VPN tunnel is active or not.
5. Click OK.
282 Firebox X Edge e-Series