Internet Access Options for Mobile VPN Users

Some of the features described in this section are only available to participants in the WatchGuard Beta program. If a feature described in this section is not available in your version of Fireware, it is a beta-only feature.

You have two options for Internet access for your Mobile VPN users:

Default-route (full tunnel)

Default-route is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth.

Default-route is the default option for all mobile VPN types on the Firebox.

Split tunnel

If you require split tunneling, we recommend that you use Mobile VPN with IKEv2 or Mobile VPN with SSL. You can also configure Mobile VPN with IPSec for split tunneling.

The Firebox supports connections from Mobile VPN with L2TP clients configured for split tunneling. However, you must manually configure L2TP clients for split tunneling. For example, you must manually add routes on the client computer for each remote network that you require access to. We do not provide customer support for split tunnel configurations on L2TP clients. See the documentation provided by your VPN client vendor.

Mobile VPN with IKEv2 supports split tunneling in Fireware v12.9 or higher.
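
The difference between the two options shows up in the client's route table. The following is an added example, not WatchGuard code: it classifies a route table as full or split tunnel and lists the destinations whose traffic leaves outside the VPN and is therefore never examined by the Firebox. The interface names, route tables, and probe addresses are constructed assumptions.

```python
import ipaddress

VPN_IFACE = "vpn0"  # hypothetical name of the client's tunnel interface

# Constructed client route tables as (destination prefix, interface).
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),       # pre-VPN default route, still present
    ("0.0.0.0/1", VPN_IFACE),    # some clients install two /1 routes that
    ("128.0.0.0/1", VPN_IFACE),  # together override the default route
    ("192.168.1.0/24", "eth0"),  # user's local LAN
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),
    ("10.0.1.0/24", VPN_IFACE),  # remote networks added one by one
    ("10.0.2.0/24", VPN_IFACE),
    ("192.168.1.0/24", "eth0"),
]

def egress_interface(dest, routes):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes]
    matches = [(n, i) for n, i in matches if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def bypasses_tunnel(destinations, routes):
    """Destinations whose traffic leaves outside the VPN."""
    return [d for d in destinations if egress_interface(d, routes) != VPN_IFACE]

def tunnel_mode(routes, internet_probes=("8.8.8.8", "203.0.113.10")):
    """Classify a route table as 'full', 'split' or 'none'."""
    if not any(i == VPN_IFACE for _, i in routes):
        return "none"
    if bypasses_tunnel(internet_probes, routes):
        return "split"
    return "full"

if __name__ == "__main__":
    sample = ["10.0.1.25", "10.0.3.7", "8.8.8.8", "203.0.113.10"]
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table), bypasses_tunnel(sample, table))
```

In the split-tunnel table, 10.0.3.7 bypasses the tunnel because no route was added for that remote network, which is the failure mode of manually maintained client routes.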

For information about how to configure these options for each type of Mobile VPN, see: