About Mobile VPN for a Cloud-Managed Firebox

Applies To: Cloud-managed Fireboxes

Mobile Virtual Private Networking (Mobile VPN) creates a secure connection between a remote computer and network resources behind the Firebox.

Cloud-managed Fireboxes support two Mobile VPN types:

Mobile VPN with IKEv2

Mobile VPN with IKEv2 provides the best security, performance, and ease of deployment. This VPN type uses IPSec for strong encryption and authentication. Users connect with native Windows, macOS, or iOS VPN clients, or with the strongSwan app for Android.

To authenticate users, you can configure local authentication on the Firebox (Firebox-DB), RADIUS, and AuthPoint. If your users authenticate with Active Directory, we recommend that you configure RADIUS authentication so that Mobile VPN with IKEv2 can pass Active Directory credentials through.

We recommend Mobile VPN with IKEv2 in most cases.

Mobile VPN with SSL

Mobile VPN with SSL provides good security and performance, and uses a default port (TCP 443) that is open on most networks. Mobile VPN with SSL uses Transport Layer Security (TLS) to secure the connection. Windows and macOS users can download a client, which automatically receives a configuration, from software.watchguard.com or from the Firebox. Administrators can download a client from WatchGuard Cloud. Android and iOS users can download an OpenVPN client from an app store.

To authenticate users, you can configure local authentication on the Firebox (Firebox-DB), Active Directory, RADIUS, and AuthPoint.

We recommend Mobile VPN with SSL when remote networks do not allow IKEv2 IPSec traffic.

Your Firebox can support Mobile VPN with IKEv2 and Mobile VPN with SSL simultaneously.

Mobile VPN Clients

For information about which operating systems are compatible with Mobile VPN with SSL, see the Operating System Compatibility list in the Fireware Release Notes. For information about changes to the WatchGuard Mobile VPN with SSL client, see the Enhancements and Resolved Issues section in the Release Notes. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page.

You can configure a client computer to use more than one mobile VPN type.

Configure Mobile VPN in WatchGuard Cloud

Before you configure Mobile VPN, learn about user authentication and firewall policies for Mobile VPN users:

To configure Mobile VPN with IKEv2, see:

To configure Mobile VPN with SSL, see:

To monitor Mobile VPNs, see Monitor VPNs on Fireboxes and FireClusters.

See Also

Add a Cloud-Managed Firebox to WatchGuard Cloud

Manage Device Configuration Deployment