When the link firewall is enabled, the WatchGuard IPSec Mobile VPN Client drops any packets sent to your computer from other hosts. It allows only packets sent to your computer in response to packets your computer sends. For example, if you send a request to an HTTP server through the tunnel from your computer, the reply traffic from the HTTP server is allowed. If a host tries to send an HTTP request to your computer through the tunnel, it is denied.
To enable the link firewall in the Mobile VPN client for Windows:
- From the WatchGuard Mobile VPN Monitor, select Configuration > Profiles.
- Select the profile you want to enable the link firewall for and select Edit.
- From the left pane, select Link Firewall.
- From the Stateful Inspection drop-down list, select when connected or always.
If you select when connected, the link firewall operates only when the VPN tunnel is active for this profile.
If you select always, the link firewall is always active when the VPN client is started, whether the VPN tunnel is active or not.
- Click OK.