Enabling the link firewall – WatchGuard VPN v10.0 User Manual


Administrator Guide


Securing Your Computer with the Mobile VPN Firewall


The WatchGuard® Mobile VPN with IPSec client includes two firewall components:

Link firewall

The link firewall is not enabled by default. When the link firewall is enabled, your computer
discards packets that other computers send to it unless they are replies to packets your computer
sent. You can choose to enable the link firewall only when a Mobile VPN tunnel is active, or
enable it all the time.

Desktop firewall

This full-featured firewall can control connections to and from your computer. You can define
friendly networks and set access rules separately for friendly and unknown networks.

Enabling the link firewall

When the link firewall is enabled, the Mobile VPN client software drops any packets sent to your
computer from other hosts. It allows only packets sent to your computer in response to packets your
computer sends. For example, if you send a request to an HTTP server through the tunnel from your
computer, the reply traffic from the HTTP server is allowed. If a host tries to send an HTTP request to
your computer through the tunnel, it is denied.
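
The reply-only behaviour described above, modelled as an added example; it is not WatchGuard's code or part of the manual. The class name, addresses and ports are constructed for illustration, and the model omits the timeouts and TCP state that real connection tracking uses.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class LinkFirewallModel:
    """Toy model (hypothetical name): reply-only inbound filtering."""
    only_when_tunnel_active: bool = False  # the two enable modes in the manual
    tunnel_active: bool = False
    flows: set = field(default_factory=set)

    def enforcing(self) -> bool:
        return self.tunnel_active or not self.only_when_tunnel_active

    def outbound(self, p: Packet) -> None:
        # Record the flow so its reply can be recognised later.
        self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Packet) -> str:
        if not self.enforcing():
            return "allow"
        # A reply carries the request's endpoints with source and destination swapped.
        request = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "allow" if request in self.flows else "drop"

def demo() -> dict:
    # Constructed sample traffic: 10.0.1.50 is the client, 10.0.1.10 an HTTP server.
    fw = LinkFirewallModel(only_when_tunnel_active=True, tunnel_active=True)
    fw.outbound(Packet("tcp", "10.0.1.50", 49152, "10.0.1.10", 80))
    reply = Packet("tcp", "10.0.1.10", 80, "10.0.1.50", 49152)
    unsolicited = Packet("tcp", "10.0.1.10", 40000, "10.0.1.50", 80)
    result = {"reply": fw.inbound(reply), "unsolicited": fw.inbound(unsolicited)}
    fw.tunnel_active = False  # tunnel-only mode stops filtering once the tunnel drops
    result["unsolicited_tunnel_down"] = fw.inbound(unsolicited)
    return result

if __name__ == "__main__":
    print(demo())
```

With the firewall set to run all the time instead, the unsolicited request is dropped whether or not a tunnel is up.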

To enable the link firewall:

1. From the WatchGuard Mobile VPN Connection Monitor, select Configuration > Profile Settings.

2. Select the profile you want to enable the link firewall for and select Configure.

3. From the left pane, select Link Firewall.
