

How do I password protect a WatchGuard Mobile VPN in WSM 7.5?

Posted on 2009-02-08
Medium Priority
Last Modified: 2013-11-16
With a VPN profile created with WSM 9.x under Profile Settings, Identities, it is possible to specify Extended Authentication (XAUTH) with a User ID and a password. If the password is left empty, the user must first type a password before connecting.

With a profile created with WSM 7.5, XAUTH does not work.  I also do not see an option on the WSM 7.5 Firebox to set that option.

Any thoughts on how to protect a profile with a password?  Otherwise, if I leave my laptop unattended (like lending it to a colleague for a few minutes), they can just double click the profile and have 100% admin access to my Trusted network...

Question by:Francois Koutchouk

Expert Comment

ID: 23592443
I am sorry but I do not fully follow the configuration options you have mentioned.

In WSM 7.x we can have extended authentication using Firebox/NT/RADIUS/CryptoCard/SecurID for MUVPN users.

I have WSM 10.x, for IPSec users I do not see any option to configure profile settings for IPSec/PPTP users.

Normally, if you have configured a MUVPN user, when you double-click the .wgx file you are prompted for the password entered while creating the file, to load the settings in the MUVPN client. After that, if you have configured username authentication using an external server, as you create the .wgx file with group credentials, you would be prompted for a username/password which is part of that group.

If possible please provide sanitized screenshots of the configuration options you have listed.

Thank you.

Author Comment

by:Francois Koutchouk
ID: 23601925
Under WSM 7.5, in the Remote User, if I Edit a user, a Wizard comes up.  
First screen is Name and Passphrase
Second screen is IPSec Tunnel Authentication (use the passphrase of the end-user profile or use a certificate issued by DVCP server)
Third screen is Allowed Resources and Virtual IP
Fourth is Tunnel Protection Config (Authentication MD5, Encryption 3DES)
--> I do not see where to set up extended authentication

On my other Firebox, under Mobile VPN with IPSec, there is Phase 2 Settings.  I assume it means the same?

Accepted Solution

dpk_wal earned 500 total points
ID: 23602670
Phase II and XAUTH are different.

On 7.4, to configure XAUTH, open Policy Manager and go to Setup->Authentication Servers; here configure Active Directory/RADIUS or the external server which you wish to configure.
After that, go to Setup->Firewall Authentication; here you specify the authentication to be enabled from. Please note that in 7.x the limitation is that you can have only one authentication method configured.

Now in MUVPN, when adding a user/group, based on the authentication method you have configured, you would add the user/group as configured.

Please let me know if you need more details.

Thank you.

Author Closing Comment

by:Francois Koutchouk
ID: 31544413
Right on!
