Distribute the Software and Profiles
WatchGuard recommends that you distribute end-user profiles by encrypted email or another secure method.
Each VPN client device must have:
- Software installation package
For Windows devices
The Shrew Soft VPN Client installation package is available directly from the WatchGuard Portal, or from Shrew Soft (http://www.shrew.net/download).
The WatchGuard IPSec Mobile VPN Client, is available for download from the WatchGuard Portal. This premium client comes with a 30 day trial, and requires a license for use after the trial period.
For Mac OS X devices
The WatchGuard IPSec Mobile VPN Client is available for download from the WatchGuard Portal. This premium client comes with a 30 day trial, and requires a license for use after the trial period.
For iOS or Android devices
The WatchGuard VPN client app for iOS devices is available from the Apple App Store. The user must install the WatchGuard VPN client app in order to use the .wgm mobile configuration profile.
The WatchGuard VPN client app for Android devices is no longer available from Google Play. If you already use this app, WatchGuard continues to support it. For new Android devices, we recommend you use the native Android VPN client. For more information, see Use Mobile VPN with IPSec with an Android Device
- The end user profile
This file contains the group name, shared key, and settings that enable a remote computer to connect securely over the Internet to a protected, private computer network. The end user profiles have these file names groupname.wgx, groupname.ini, groupname.vpn, and groupname.wgm.
For information about how to manage end-user profiles, see Generate Mobile VPN with IPSec Configuration Files
- Two certificate files, if you use certificates for authentication
The first file is the .p12 file, which is an encrypted file containing the certificate.The second file is the cacert.pem, which contains the root (CA) certificate. The .p12 and cacert.pem files can be found in the same location as the .wgx end user profile.
- User documentation
Documentation to help the remote user install the Mobile VPN client and import the Mobile VPN configuration file can be found in the About Mobile VPN Client Configuration Files topics.
To import the encrypted .wgx end user profile to the WatchGuard XTM IPSec Mobile VPN Client, the user must type the passphrase to decrypt the file. To import the encrypted .wgm profile profile to the WatchGuard Mobile client app on an iOS or Android device, the user must also type the passphrase to decrypt the file.
You set the encryption passphrase when you create the Mobile VPN group is created in Policy Manager. Fireware Web UI cannot generate the encrypted .wgx file.
For information about how to change the shared key, see Modify an Existing Mobile VPN with IPSec Group Profile.
The end-user profile passphrase, user name, and user password are sensitive information. For security reasons, we recommend that you do not provide this information by email. Because email is not secure, an unauthorized user can use the information to get access to your internal network. Give the user the information to the use by a method that does not allow an unauthorized person to intercept it.