Mobile User VPN (IPSec) and PPTP VPN Configuration. Firebox II/III/X PPTP Configuration (Additional Firebox PPTP information)
Notes: Remote user connections are a key feature for many users. But take into consideration what the remote users intend to use the connection for and how much bandwidth they will need. Keep in mind that if your remote users only have dial-up, the VPN will function, but it will be so slow that your users may find it unusable for their needs. If your clients do not have a broadband connection, be sure to explain how slow it can be.

PPTP server capability comes standard on the Firebox II/III/X models, while MUVPN is an option that requires purchase of a license. PPTP configuration is very simple compared to MUVPN (IPSec). Some users desire a higher level of security, so your choice depends on use. If PPTP were easily hacked, it would be removed from Windows. It does indeed have less encryption strength and "can possibly" be hacked. But so can IPSec if configured improperly. With PPTP, any Windows 2000 or Windows XP machine can connect and authenticate to your internal network with the proper credentials; no additional client software is needed, as the PPTP client is already installed with the Windows operating system. Soho6 units can also serve as a MUVPN endpoint, but also require purchase of a license key to use this feature.

One of the most common problems is the assumption that you only need to configure the client to connect to the Firebox and all the machines at the Firebox location will automatically show up in your Network Neighborhood. Not true. You need to understand name resolution and how it functions. Once you have a connection over VPN with either method, you cannot broadcast as you can locally, and broadcasting is what makes Network Neighborhood work in this manner at your main location. Your best bet is to make sure you have the WINS service installed and running on a server at the main location. Then your remote clients need only have the IP address of the WINS server in their TCP/IP settings, and you will be able to locate all machines by their computer names, map drives, and complete network functions as if you were in the office directly.

WatchGuard cannot troubleshoot your network issues with mapping drives, locating resources, or setting permissions. Once a tunnel is up, you are allowing the traffic through the firewall, and you can ping, it is up to you as the administrator to configure name resolution. WatchGuard has provided a good outline of NetBIOS name resolution that helps you better understand what you need for your situation, at the following link on their site: https://www.watchguard.com/support/AdvancedFaqs/muvpn-sn_netbios.asp