Contents

Configure Windows Devices for Mobile VPN with IKEv2

You can configure the native IKEv2 VPN client on Windows devices for a VPN connection to your Firebox. To add the VPN connection on your device, you can use the WatchGuard automatic configuration script or manually configure settings on the device.

To install the CA certificate, you must have Administrator permissions on your Windows device. The WatchGuard configuration script automatically requests Administrator permissions to install the required CA certificate for the new IKEv2 VPN connection.

Mobile VPN with IKEv2 is supported on Fireboxes with Fireware v12.1 and higher.

WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.

Automatically Configure VPN Settings

To configure a VPN connection with the WatchGuard automatic configuration script, you must download a compressed .TGZ file from your Firebox. This file contains instructions and configuration scripts for different operating systems. For information about how to download this file, see Configure Client Devices for Mobile VPN with IKEv2.

The automatic configuration script creates a new IKEv2 VPN connection. The script configures the connection to be default-route (full tunnel), which means all traffic is sent over the VPN connection. The configuration script also installs the required CA certificate for the VPN connection. For information about default-route and split tunnel VPN connections, see Internet Access Through a Mobile VPN with IKEv2 Tunnel.

For computers with Windows 7, you must manually configure the VPN connection. The automatic configuration script is not supported.

If your configuration includes a RADIUS server, and you upgrade from Fireware v12.4.1 or lower to Fireware v12.5 or higher, the Firebox automatically uses RADIUS as the domain name for that server. To authenticate to that server, you must specify RADIUS as the domain name.

Manually Configure VPN Settings

See Also

About Mobile VPN with IKEv2

Configure Client Devices for Mobile VPN with IKEv2

Configure iOS and macOS Devices for Mobile VPN with IKEv2

Configure Android Devices for Mobile VPN with IKEv2

Internet Access Through a Mobile VPN with IKEv2 Tunnel

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search