How do I password protect a WatchGuard Mobile VPN in WSM 7.5?

With a VPN profile created with WSM 9.x under Profile Settings, Identities, it is possible to specify Extended Authentication (XAUTH ) with a User ID and a password.  If the password is left empty, the user must first type a password before connecting.

With a profile created with WSM 7.5, XAUTH does not work.  I also do not see an option on the WSM 7.5 Firebox to set that option.

Any thoughts on how to protect a profile with a password?  Otherwise, if I leave my laptop unattended (like lending it to a colleague for a few minutes), they can just double click the profile and have 100% admin access to my Trusted network...

Thanks
LVL 2
Francois KoutchoukCTOAsked:
Who is Participating?
 
dpk_walConnect With a Mentor Commented:
Phase II and XAUTH are different.

On 7.4; to configure XAUTH open Policy Manager, go to Setup->Authentication Servers; here configure Active Directory/RADIUS or the external server which you wish to configure.
After go to Setup->Firewall Authentication; here you specify the authentication to be enabled from. Please note in 7.x the limitation is you can have only one authentication method configured.

Now in MUVPN, when adding user/group; based on the authentication method you have configured, you would add the user/group as configured.

Please let know if you need more details.

Thank you.
0
 
dpk_walCommented:
I am sorry but I do not fully follow the configuration options you have mentioned.

In WSM 7.x we can have extended authentication using Firebox/NT/RADIUS/CrytoCard/SecurID for MUVPN users.

I have WSM 10.x, for IPSec users I do not see any option to configure profile settings for IPSec/PPTP users.

Normally if you have configured a MUVPN user; when you double click the .wgx file you are prompted for password entered while creating the file, to load the settings in MUVPN client. After that if you have configured username authentication using external server, as you create .wgx file with group credentials, you would be prompted for username/pasword which is part of that group.

If possible please provide sanitized screenshots of the configuration options you have listed.

Thank you.
0
 
Francois KoutchoukCTOAuthor Commented:
Under WSM 7.5, in the Remote User, if I Edit a user, a Wizard comes up.  
First screen is Name and Passphrase
Second screen is IPSec Tunnel Authentication (use the passphrase of the end-user profile or use a certificate issued by DVCP server)
Third screen is Allowed Resources and Virtual IP
Fourth is Tunnel Protection Config (Authentication MD5, Encryption 3DES)
--> I do not see where to setup extended authentication

On my other Firebox, under Mobile VPN with IPSec, there is Phase 2 Settings.  I assume it means the same?
0
 
Francois KoutchoukCTOAuthor Commented:
Right on!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.