Entering license keys, Preparing Mobile User VPN configuration files – WatchGuard Technologies Firebox™ System 4.6 User Manual


Configuring the Firebox for Mobile User VPN

automatically included in the Policy Manager software, to activate the feature a
license for each installation of the client software must be purchased. To purchase
IPSec license keys, contact your local reseller or visit:

http://www.watchguard.com/sales

Entering license keys

The first step in configuring the Firebox for Mobile User VPN is to enter the license
key(s) into the Firebox configuration file. The Firebox automatically restricts the
number of Mobile User VPN connections to the sum of the number of seats each
license key provides. From Policy Manager:

1. Select Network => Remote User. Click the Mobile User Licenses tab.

2. Enter the license key in the text field to the left of the Add button. Click Add.
   The license key appears in the list of client licenses configured for use with the Firebox. Repeat the add-license process until you have added all of your keys.

Preparing Mobile User VPN configuration files

With Mobile User VPN, the network security administrator controls end-user
configuration settings. Use Policy Manager to define an end-user and generate a
configuration file with the extension .exp. The .exp file contains the shared key, user
identification, IP addresses, and settings required to create a secure tunnel between
the remote computer and the Firebox.

Defining a new mobile user

From Policy Manager:

1. Select Network => Remote User. Click the Mobile User VPN tab.

2. Click Add.
   The Mobile User VPN wizard appears.

3. Click Next.

4. Use the Select User Name drop list to select a user.
   The only names that appear in the drop list are users who have not already been configured for Mobile User VPN. To add a new user, click Add New. For more information on adding a new user, see “Adding a member to built-in RUVPN user groups” on page 134.

5. Enter the shared key.
   The shared key is not the same as the Firebox Users authentication password. However, you can enter the same value for both the key and the password.

6. Click Next.
   The Allowed Resource and Virtual IP Address form appears. By default, the IP address of the Trusted network appears in the Allow User Access To field. This provides the Mobile User VPN user with access to the Trusted network.

7. Enter the end-user virtual IP address. Click Next.

8. Use the Type drop list to select an encryption method.
   Options include: ESP (Encapsulated Security Protocol) and/or AH (Authenticated Headers) or AH Only.

9. Use the Authentication drop list to select an authentication method.
   Options include: None (no authentication), MD5-HMAC (128-bit algorithm), or SHA1-HMAC (160-bit algorithm).
