About Mobile VPN Client Configuration Files

With Mobile VPN with IPSec, the network security administrator controls end user profiles. Policy Manager is used to create the Mobile VPN with IPSec group and create an end user profile, with the file extension .wgx, .ini, or .vpn. The .wgx, .ini, and .vpn files contain the shared key, user identification, IP addresses, and settings that are used to create a secure tunnel between the remote computer and the Firebox.

The .wgx file is encrypted with a passphrase that is eight characters or more in length. You must use Policy Manager to generate the .wgx file. Both the administrator and the remote user must know this passphrase. When you use the WatchGuard IPSec Mobile VPN Client software to import the .wgx file, the passphrase is used to decrypt the file. The .wgx file does not configure the Line Management settings.

The .ini configuration file is not encrypted. It should only be used if you have changed the Line Management setting to anything other than Manual. For more information, see Line Management on the Advanced tab in the Mobile VPN with IPSec group profile.

For information about how to edit the group profile, see Modify an Existing Mobile VPN with IPSec Group Profile.

After you use the Add Mobile VPN with IPSec wizard or edit the Mobile VPN with IPSec settings, you can generate an client configuration file. For more information, see Generate Mobile VPN with IPSec Configuration Files.

To make the user profile read-only in the IPSec Mobile VPN Client, you can lock the profile. For information about how to lock a user profile from Fireware Web UI, see Lock Down an End User Profile.

The .vpn configuration file is for use with the Shrew Soft VPN client. This file is not encrypted. We no longer provide technical customer support for mobile VPN tunnels created with the Shrew Soft VPN Client. The Firebox no longer supports interoperability with the Shrew Soft VPN client.