Generate Mobile VPN with IPSec Configuration Files

To configure the WatchGuard IPSec Mobile VPN Client, you import a configuration file. The configuration file is also called the end user profile. When you first configure a Mobile VPN with IPSec group, or if you make a change to the settings for a group, you must regenerate the configuration file for the group and provide it to mobile users.

To use Fireware XTM Web UI to generate an end-user profile file for a group:

  1. Select VPN > Mobile VPN > IPSec.
  2. In the Groups list, select the Mobile VPN group.
  3. From the Client drop-down list, select the type of VPN client you use.
  4. Click Generate.
  5. Select a file name and location to save the configuration file. The correct file extension is automatically added when the file is saved. Do not specify a different file extension.

You can now distribute the configuration file to the end users.

There are four types of configuration files.

.wgx

The .wgx file is used by the WatchGuard IPSec Mobile VPN Client. A .wgx file cannot set the Line Management settings in the client software. If you set Line Management to anything other than Manual, you must use the.ini configuration file. The .wgx file is encrypted with the passphrase specified in the Mobile VPN with IPSec configuration. You must use Policy Manager to generate the encrypted .wgx file.

.ini

The .ini file is used by the WatchGuard IPSec Mobile VPN Client. Use this file format only if you did not set Line Management to Manual. The .ini file is not encrypted.

For more information, see Line Management on the Advanced tab in Modify an Existing Mobile VPN with IPSec Group Profile.

.vpn

The .vpn file is used by the Shrew Soft VPN client. The .vpn configuration file is not encrypted. The Shrew Soft VPN client does not support some Mobile VPN with IPSec configuration settings and features.

For more information, see About the Shrew Soft VPN Client.

.wgm

The .wgm file is used by the WatchGuard Mobile VPN app for iOS and Android devices. The Mobile VPN with IPSec .wgm file is encrypted with the passphrase specified in the Mobile VPN with IPSec configuration.

The .ini file for the WatchGuard IPSec Mobile VPN Client can be generated as read-only so that the end users cannot change settings in the client.

For more information, see Lock Down an End User Profile.

Fireware XTM Web UI cannot generate the encrypted .wgx file . To generate the .wgx file, you must use Policy Manager.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base