Saving the configuration to a firebox, Distributing the software and configuration files – WatchGuard Technologies FireboxTM System 4.6 User Manual

User Guide

139

Configuring the Firebox for Mobile User VPN

10 Use the Encryption drop list to select an encryption method.

Options available with the strong encryption version of WatchGuard Firebox System include:

None (no encryption), DES-CBC (56-bit), and 3DES-CBC (168-bit).

11 Click Next. Click Finish.

The wizard closes and the username appears in the Remote User VPN Setup dialog box on the

Mobile User tab Users list.

12 Click OK.

Modifying an existing Mobile User VPN entry

Use the Mobile User VPN wizard to generate a new

.exp

file every time you want to

change the end-user configuration file. Reasons to change an end-user configuration
include:

• Modifying the shared key

• Adding access to additional hosts or networks

• Restricting access to a single destination port, source port, or protocol

• Modifying the encryption or authentication parameters

From Policy Manager:

1

Select Network => Remote User.

2

In the Users list on the Mobile User VPN tab, click the username.

3

Click Edit.

The Mobile User VPN wizard appears, displaying the User Name and Pass Phrase form.

4

Use Next to step through the wizard, reconfiguring the end-user configuration
according to your security policy preferences.

5

To add access to a new network or host, proceed to the Multiple Policy
Configuration step in the Mobile User VPN wizard. Click Add.

You can also use the Multiple Policy Configuration step to change the virtual IP address

assigned to the remote user.

6

Use the drop list to select Network or Host. Type the IP address. Use the Dst Port,
Protocol, and Src Port options to restrict access. Click OK.

The new IP address appears in the Configured Policies list.

7

Step completely through the wizard until the final screen. Click Finish.

You must click Finish to ensure that the wizard creates a new

.exp

file and writes the modified

settings to the Firebox configuration file.

8

Click OK.

Saving the configuration to a Firebox

To activate new Mobile User configuration settings, you must save the configuration
file to the primary area of the Firebox flash disk. For instructions, see “Saving a
configuration to the Firebox” on page 24.

Distributing the software and configuration files

WatchGuard recommends distributing end-user configuration files on a floppy disk
or by encrypted e-mail. Each client machine needs the following:

• Remote client installation package