Applies To: Cloud-managed Fireboxes
Mobile Virtual Private Networking (Mobile VPN) creates a secure connection between a remote computer and network resources behind the Firebox.
Cloud-managed Fireboxes support two Mobile VPN types:
Mobile VPN with IKEv2
Mobile VPN with IKEv2 provides the best security, performance, and ease of deployment. This VPN type uses IPSec for strong encryption and authentication. Users connect with native Windows, macOS, or iOS VPN clients, or with the strongSwan app for Android.
To authenticate users, you can configure local authentication on the Firebox (Firebox-DB), RADIUS, and AuthPoint. If your users authenticate with Active Directory, we recommend that you configure RADIUS authentication so that Mobile VPN with IKEv2 can pass Active Directory credentials through.
We recommend Mobile VPN with IKEv2 in most cases.
Mobile VPN with SSL
Mobile VPN with SSL provides good security and performance, and uses a default port (TCP 443) that is open on most networks. Mobile VPN with SSL uses Transport Layer Security (TLS) to secure the connection. Windows and macOS users can download a client from software.watchguard.com or from the Firebox that automatically receives a configuration. Administrators can download a client from WatchGuard Cloud. Android and iOS users can download an OpenVPN client from an app store.
To authenticate users, you can configure local authentication on the Firebox (Firebox-DB), Active Directory, RADIUS, and AuthPoint.
We recommend Mobile VPN with SSL when remote networks do not allow IKEv2 IPSec traffic.
Your Firebox can support Mobile VPN with IKEv2 and Mobile VPN with SSL simultaneously.
Mobile VPN Clients
For information about which operating systems are compatible with Mobile VPN with SSL, see the Operating System Compatibility list in the Fireware Release Notes. For information about changes to the WatchGuard Mobile VPN with SSL client, see the Enhancements and Resolved Issues section in the Release Notes. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page.
You can configure a client computer to use more than one mobile VPN type.
Configure Mobile VPN in WatchGuard Cloud
Before you configure Mobile VPN, learn about user authentication and firewall policies for Mobile VPN users:
To configure Mobile VPN with IKEv2, see:
- Configure Mobile VPN with IKEv2 for a Cloud-Managed Firebox
- Download the Mobile VPN with IKEv2 Client Profile
To configure Mobile VPN with SSL, see:
- Configure Mobile VPN with SSL for a Cloud-Managed Firebox
- Download, Install, and Connect the Mobile VPN with SSL Client
To monitor Mobile VPNs, see Monitor VPNs on Fireboxes and FireClusters.