Use a Wizard to Configure the Firebox for Mobile VPN with SSL

Before you configure Mobile VPN with SSL, see Plan Your Mobile VPN with SSL Configuration.

In Fireware v12.3 or higher, you can use a wizard or manually configure Mobile VPN with SSL.

  1. Select VPN > Mobile VPN.
    The Mobile VPN selection page appears.
  2. In the Mobile VPN with SSL section, click Launch Wizard.
    The first page of the wizard appears.

Screen shot of the Welcome page in the wizard

  1. Click Next.
    The server settings appear.
  2. In the Primary text box, type a public IP address or domain name.
    This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces.
  3. (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
    This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.

Screen shot of the server settings in the wizard

  1. Click Next.
    The authentication settings appear.
  2. To add an authentication server, select a server from the drop-down list and click Add.
  3. To remove an authentication server, select the server and click Remove.
  4. To change the order of servers, select a server and click Up or Down.

Screen shot of the authentication settings in the wizard

  1. Click Next.
    The settings for users and groups appear.
  2. Select one or more groups or users to add to the SSLVPN-Users group.
  3. (Optional) In Fireware v12.5.4 or higher, to enable Host Sensor Enforcement for a group, select the check box for that group and then select Yes. To disable Host Sensor Enforcement for a group, select the check box for that group and then select No. For more information, see About TDR Host Sensor Enforcement.
  1. Click Next.
    The Define the virtual IP Address pool page appears.
  2. Specify a virtual IP address pool subnet to use for client connections.

Screen shot of the IP address pool settings

  1. Click Next.
    The final page of the wizard appears.

Screen shot of the last page of the wizard

  1. Click Finish.
    The Mobile VPN with SSL Configuration page appears.

Screen shot of the Mobile VPN with SSL General tab

  1. To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.
  1. Select VPN > Mobile VPN > Get Started.
    The Configure Mobile VPN dialog box appears.

Screen shot of the Configure Mobile VPN page

  1. In the SSL section, click Launch Wizard.
    The first page of the wizard appears.

Screen shot of the first page of the Mobile VPN with SSL wizard

  1. Click Next.
    The server settings appear.
  2. In the Primary text box, type a public IP address or domain name.
    This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces.
  3. (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
    This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.

Screen shot of the server address settings

  1. Click Next.
    The authentication settings appear.
  2. To add an authentication server, select a server from the drop-down list and click Add.
  3. To remove an authentication server, select the server and click Remove.
  4. To change the order of servers, select a server and click Up or Down.

Screen shot of the authentication server settings

  1. Click Next.
    The settings for users and groups appear.
  2. Select one or more groups or users to add to the SSLVPN-Users group.
  3. (Optional) In Fireware v12.5.4 or higher, to enable Host Sensor Enforcement for a group, select the check box for that group and then select Yes. To disable Host Sensor Enforcement for a group, select the check box for that group and then select No. For more information, see About TDR Host Sensor Enforcement.

Screen shot of the users and groups settings

  1. Click Next.
    The Define a virtual IP address pool page appears.
  2. Specify a virtual IP address pool subnet to use for client connections.

Screen shot of the virtual IP address pool settings

  1. Click Next.
    The final page of the wizard appears.
  2. To view or edit the configuration after you exit the wizard, select Open the mobile SSL configuration dialog.

Screen shot of the last page of the wizard

  1. Click Finish.
    If you selected to open the configuration, the Mobile VPN with SSL Configuration page appears.

Screen shot of the Mobile VPN with SSL configuration settings

  1. To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.

See Also

Manually Configure the Firebox for Mobile VPN with SSL

About Mobile VPN with SSL