Use a Wizard to Configure the Firebox for Mobile VPN with SSL
Before you configure Mobile VPN with SSL, go to Plan Your Mobile VPN with SSL Configuration.
In Fireware v12.3 or higher, you can use a wizard or manually configure Mobile VPN with SSL.
- To use a wizard, follow the steps in this topic.
- To manually configure Mobile VPN with SSL, go to Manually Configure the Firebox for Mobile VPN with SSL.

- Select VPN > Mobile VPN.
The Mobile VPN selection page opens. - In the Mobile VPN with SSL section, click Launch Wizard.
The first page of the wizard opens.
- Click Next.
The server settings show. - In the Primary text box, type a public IP address or domain name.
This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces. - (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.
- Click Next.
The authentication settings show. - To add an authentication server, select a server from the drop-down list and click Add.
In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, go to Plan Your Mobile VPN with SSL Configuration. - To remove an authentication server, select the server and click Remove.
- To change the order of servers, select a server and click Up or Down.
- Click Next.
The settings for users and groups open. - Select one or more groups or users to add to the SSLVPN-Users group.
- (Optional) To apply enforcement settings to Mobile VPN with SSL groups:
- Select the check box for a group.
- In Fireware v12.9 or higher, in the Network Access Enforcement column, select Yes. In Fireware v12.5.4 to v12.8.x, in the Host Sensor Enforcementcolumn, select Yes.
- To disable enforcement for a group, select the check box for that group and select No.
- Click Next.
The Define the virtual IP Address pool page opens. - Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, go to Manually Configure the Firebox for Mobile VPN with SSL.
- Click Next.
The final page of the wizard opens.
- Click Finish.
The Mobile VPN with SSL Configuration page opens.
- To edit the configuration, go to Manually Configure the Firebox for Mobile VPN with SSL.
If you configure Mobile VPN with SSL to use more than one authentication server, users who do not use the default authentication server must specify the authentication server or domain as part of the user name. For more information and examples, go to Download, Install, and Connect the Mobile VPN with SSL Client.

- Select VPN > Mobile VPN > Get Started.
The Configure Mobile VPN dialog box opens.
- In the SSL section, click Launch Wizard.
The first page of the wizard opens.
- Click Next.
The server settings appear. - In the Primary text box, type a public IP address or domain name.
This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces. - (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.
- Click Next.
The authentication settings show. - To add an authentication server, select a server from the drop-down list and click Add.
In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, go to Plan Your Mobile VPN with SSL Configuration. - To remove an authentication server, select the server and click Remove.
- To change the order of servers, select a server and click Up or Down.
- Click Next.
The settings for users and groups show. - Select one or more groups or users to add to the SSLVPN-Users group.
- (Optional) To apply enforcement settings to Mobile VPN with SSL groups:
- Select the check box for a group.
- In Fireware v12.9 or higher, select Network Access Enforcement check box. In Fireware v12.5.4 to v12.8.x, select the Host Sensor Enforcement check box.
- To disable enforcement for a group, select the check box for that group and select No.
- Click Next.
The Define a virtual IP address pool page opens. - Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, go to Manually Configure the Firebox for Mobile VPN with SSL.
- Click Next.
The final page of the wizard opens. - To view or edit the configuration after you exit the wizard, select Open the mobile SSL configuration dialog.
- Click Finish.
If you selected to open the configuration, the Mobile VPN with SSL Configuration page opens.
- To edit the configuration, go to Manually Configure the Firebox for Mobile VPN with SSL.
If you configure Mobile VPN with SSL to use more than one authentication server, users who do not use the default authentication server must specify the authentication server or domain as part of the user name. For more information and examples, go to Download, Install, and Connect the Mobile VPN with SSL Client.
Manually Configure the Firebox for Mobile VPN with SSL
Troubleshoot Mobile VPN with SSL
Download, Install, and Connect the Mobile VPN with SSL Client
Set Up Mobile VPN with SSL video tutorial (13 minutes)