We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


How do I password protect a WatchGuard Mobile VPN in WSM 7.5?

Medium Priority
Last Modified: 2013-11-16
With a VPN profile created with WSM 9.x under Profile Settings, Identities, it is possible to specify Extended Authentication (XAUTH ) with a User ID and a password.  If the password is left empty, the user must first type a password before connecting.

With a profile created with WSM 7.5, XAUTH does not work.  I also do not see an option on the WSM 7.5 Firebox to set that option.

Any thoughts on how to protect a profile with a password?  Otherwise, if I leave my laptop unattended (like lending it to a colleague for a few minutes), they can just double click the profile and have 100% admin access to my Trusted network...

Watch Question

Top Expert 2007

I am sorry but I do not fully follow the configuration options you have mentioned.

In WSM 7.x we can have extended authentication using Firebox/NT/RADIUS/CrytoCard/SecurID for MUVPN users.

I have WSM 10.x, for IPSec users I do not see any option to configure profile settings for IPSec/PPTP users.

Normally if you have configured a MUVPN user; when you double click the .wgx file you are prompted for password entered while creating the file, to load the settings in MUVPN client. After that if you have configured username authentication using external server, as you create .wgx file with group credentials, you would be prompted for username/pasword which is part of that group.

If possible please provide sanitized screenshots of the configuration options you have listed.

Thank you.


Under WSM 7.5, in the Remote User, if I Edit a user, a Wizard comes up.  
First screen is Name and Passphrase
Second screen is IPSec Tunnel Authentication (use the passphrase of the end-user profile or use a certificate issued by DVCP server)
Third screen is Allowed Resources and Virtual IP
Fourth is Tunnel Protection Config (Authentication MD5, Encryption 3DES)
--> I do not see where to setup extended authentication

On my other Firebox, under Mobile VPN with IPSec, there is Phase 2 Settings.  I assume it means the same?
Top Expert 2007
Phase II and XAUTH are different.

On 7.4; to configure XAUTH open Policy Manager, go to Setup->Authentication Servers; here configure Active Directory/RADIUS or the external server which you wish to configure.
After go to Setup->Firewall Authentication; here you specify the authentication to be enabled from. Please note in 7.x the limitation is you can have only one authentication method configured.

Now in MUVPN, when adding user/group; based on the authentication method you have configured, you would add the user/group as configured.

Please let know if you need more details.

Thank you.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Right on!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.