Use a Wizard to Configure the Firebox for Mobile VPN with SSL

Before you configure Mobile VPN with SSL, see Plan Your Mobile VPN with SSL Configuration.

In Fireware v12.3 or higher, you can use a wizard or manually configure Mobile VPN with SSL.

  1. Select VPN > Mobile VPN.
    The Mobile VPN selection page appears.
  2. In the Mobile VPN with SSL section, click Launch Wizard.
    The first page of the wizard appears.

Screen shot of the Welcome page in the wizard

  1. Click Next.
    The server settings appear.
  2. In the Primary text box, type a public IP address or domain name.
    This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces.
  3. (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
    This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.

Screen shot of the server settings in the wizard

  1. Click Next.
    The authentication settings appear.
  2. To add an authentication server, select a server from the drop-down list and click Add.
    In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, see Plan Your Mobile VPN with SSL Configuration.
  3. To remove an authentication server, select the server and click Remove.
  4. To change the order of servers, select a server and click Up or Down.

Screen shot of the authentication settings in the wizard

  1. Click Next.
    The settings for users and groups appear.
  2. Select one or more groups or users to add to the SSLVPN-Users group.
  3. (Optional) To apply enforcement settings to Mobile VPN with SSL groups:
    1.  Select the check box for a group.
    2. In Fireware v12.9 or higher, in the Endpoint Enforcement column, select Yes. In Fireware v12.5.4 to v12.8.x, in the Host Sensor Enforcementcolumn, select Yes.
  4. To disable enforcement for a group, select the check box for that group and select No.

Screen shot of the users and groups settings in the wizard

  1. Click Next.
    The Define the virtual IP Address pool page appears.
  2. Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, see Manually Configure the Firebox for Mobile VPN with SSL.

Screen shot of the IP address pool settings

  1. Click Next.
    The final page of the wizard appears.

Screen shot of the last page of the wizard

  1. Click Finish.
    The Mobile VPN with SSL Configuration page appears.

Screen shot of the Mobile VPN with SSL General tab

  1. To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.

If you configure Mobile VPN with SSL to use more than one authentication server, users who do not use the default authentication server must specify the authentication server or domain as part of the user name. For more information and examples, see Download, Install, and Connect the Mobile VPN with SSL Client.

  1. Select VPN > Mobile VPN > Get Started.
    The Configure Mobile VPN dialog box appears.

Screen shot of the Configure Mobile VPN page

  1. In the SSL section, click Launch Wizard.
    The first page of the wizard appears.

Screen shot of the first page of the Mobile VPN with SSL wizard

  1. Click Next.
    The server settings appear.
  2. In the Primary text box, type a public IP address or domain name.
    This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces.
  3. (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
    This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.

Screen shot of the server address settings

  1. Click Next.
    The authentication settings appear.
  2. To add an authentication server, select a server from the drop-down list and click Add.
    In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, see Plan Your Mobile VPN with SSL Configuration.
  3. To remove an authentication server, select the server and click Remove.
  4. To change the order of servers, select a server and click Up or Down.

Screen shot of the authentication server settings

  1. Click Next.
    The settings for users and groups appear.
  2. Select one or more groups or users to add to the SSLVPN-Users group.
  3. (Optional) To apply enforcement settings to Mobile VPN with SSL groups:
    1. Select the check box for a group.
    2. In Fireware v12.9 or higher, select Endpoint Enforcement check box. In Fireware v12.5.4 to v12.8.x, select the Host Sensor Enforcementcheck box.
  4. To disable enforcement for a group, select the check box for that group and select No.

Screen shot of the users and groups settings

  1. Click Next.
    The Define a virtual IP address pool page appears.
  2. Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, see Manually Configure the Firebox for Mobile VPN with SSL.

Screen shot of the virtual IP address pool settings

  1. Click Next.
    The final page of the wizard appears.
  2. To view or edit the configuration after you exit the wizard, select Open the mobile SSL configuration dialog.

Screen shot of the last page of the wizard

  1. Click Finish.
    If you selected to open the configuration, the Mobile VPN with SSL Configuration page appears.

Screen shot of the Mobile VPN with SSL configuration settings

  1. To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.

If you configure Mobile VPN with SSL to use more than one authentication server, users who do not use the default authentication server must specify the authentication server or domain as part of the user name. For more information and examples, see Download, Install, and Connect the Mobile VPN with SSL Client.

See Also

Manually Configure the Firebox for Mobile VPN with SSL

About Mobile VPN with SSL

Troubleshoot Mobile VPN with SSL

Download, Install, and Connect the Mobile VPN with SSL Client

Set Up Mobile VPN with SSL video tutorial (13 minutes)