Before you configure Mobile VPN with SSL, see Plan Your Mobile VPN with SSL Configuration.
In Fireware v12.3 or higher, you can use a wizard or manually configure Mobile VPN with SSL.
- To use a wizard, follow the steps in this topic.
- To manually configure Mobile VPN with SSL, see Manually Configure the Firebox for Mobile VPN with SSL.
- Select VPN > Mobile VPN.
The Mobile VPN selection page appears. - In the Mobile VPN with SSL section, click Launch Wizard.
The first page of the wizard appears.
- Click Next.
The server settings appear. - In the Primary text box, type a public IP address or domain name.
This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces. - (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.
- Click Next.
The authentication settings appear. - To add an authentication server, select a server from the drop-down list and click Add.
In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, see Plan Your Mobile VPN with SSL Configuration. - To remove an authentication server, select the server and click Remove.
- To change the order of servers, select a server and click Up or Down.
- Click Next.
The settings for users and groups appear. - Select one or more groups or users to add to the SSLVPN-Users group.
- (Optional) In Fireware v12.5.4 or higher, to enable Host Sensor Enforcement for a group, select the check box for that group and then select Yes. To disable Host Sensor Enforcement for a group, select the check box for that group and then select No. For more information, see About TDR Host Sensor Enforcement.
- Click Next.
The Define the virtual IP Address pool page appears. - Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, see Manually Configure the Firebox for Mobile VPN with SSL.
- Click Next.
The final page of the wizard appears.
- Click Finish.
The Mobile VPN with SSL Configuration page appears.
- To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.
- Select VPN > Mobile VPN > Get Started.
The Configure Mobile VPN dialog box appears.
- In the SSL section, click Launch Wizard.
The first page of the wizard appears.
- Click Next.
The server settings appear. - In the Primary text box, type a public IP address or domain name.
This is the IP address or domain name that Mobile VPN with SSL clients connect to by default. This can be an external IP address, secondary external IP address, or external VLAN. For a device in drop-in mode, use the IP address assigned to all interfaces. - (Optional) If your Firebox has more than one external address, in the Backup text box, type a different public IP address.
This is the IP address that the Mobile VPN with SSL client connects to if it is unable to establish a connection with the primary IP address. If you add a secondary IP address, make sure it is an IP address assigned to a Firebox external interface or VLAN. If you want the Mobile VPN with SSL client to use a secondary IP address, you must also select the Auto reconnect after a connection is lost check box in the Authentication settings, as described in the next section.
- Click Next.
The authentication settings appear. - To add an authentication server, select a server from the drop-down list and click Add.
In Fireware v12.7 or higher, you can select AuthPoint as an authentication server. AuthPoint is the cloud-based multi-factor authentication solution from WatchGuard. For more information, see Plan Your Mobile VPN with SSL Configuration. - To remove an authentication server, select the server and click Remove.
- To change the order of servers, select a server and click Up or Down.
- Click Next.
The settings for users and groups appear. - Select one or more groups or users to add to the SSLVPN-Users group.
- (Optional) In Fireware v12.5.4 or higher, to enable Host Sensor Enforcement for a group, select the check box for that group and then select Yes. To disable Host Sensor Enforcement for a group, select the check box for that group and then select No. For more information, see About TDR Host Sensor Enforcement.
- Click Next.
The Define a virtual IP address pool page appears. - Specify a virtual IP address pool subnet to use for client connections. For best practices that can help you to avoid IP address conflicts, see Manually Configure the Firebox for Mobile VPN with SSL.
- Click Next.
The final page of the wizard appears. - To view or edit the configuration after you exit the wizard, select Open the mobile SSL configuration dialog.
- Click Finish.
If you selected to open the configuration, the Mobile VPN with SSL Configuration page appears.
- To edit the configuration, see Manually Configure the Firebox for Mobile VPN with SSL.