About the Shrew Soft VPN Client
You can use the Shrew Soft VPN Client for Windows to enable your users to make a secure connection from a remote computer to your network. The Shrew Soft VPN Client functions similarly to the WatchGuard IPSec Mobile VPN Client and shares many of the same configuration settings, but it does have some limitations.
You can download the Shrew Soft VPN Client for Windows directly from the Software Downloads section of the WatchGuard website, or from Shrew Soft (http://www.shrew.net/download). The Shrew Soft VPN client is supported on WatchGuard Fireboxes that run Fireware XTM v11.4.1 or higher.
SHA2 authentication and encryption options require Shrew Soft VPN Client v2.2.1 or higher.
Shrew Soft VPN Client Limitations
The Shrew Soft VPN Client does not support these Mobile VPN with IPSec configuration settings and features:
|IKE keep-alive||Not supported|
|Configuration of multiple VPN gateways for multi-WAN failover||Not supported|
|Line management configuration settings Connection mode and Inactivity timeout||Not supported|
|Phase 2 proposal Force Key Expiration setting kilobytes||Does not apply to the Shrew Soft VPN client.|
|Dead Peer Detection (DPD) configuration settings: Traffic idle timeout and Max retries||
Do not apply to the Shrew Soft VPN client.
If DPD is enabled, the Shrew Soft VPN client supports DPD with a traffic idle timeout value of 15 seconds.
|RADIUS 2-factor authentication||Not supported|
|SecurID 2-factor authentication||Not supported|
|Read-only profile||Not supported|
|User name and password stored for user authentication||
Users must type their user names and passwords each time they connect.
Shrew Soft VPN End-User Profile
The Shrew Soft VPN end-user profile is generated as a .vpn file that is not encrypted. We recommend that you use a secure method to distribute this file.