How do I password protect a WatchGuard Mobile VPN in WSM 7.5?

Posted on 2009-02-08
Last Modified: 2013-11-16
With a VPN profile created with WSM 9.x under Profile Settings, Identities, it is possible to specify Extended Authentication (XAUTH ) with a User ID and a password.  If the password is left empty, the user must first type a password before connecting.

With a profile created with WSM 7.5, XAUTH does not work.  I also do not see an option on the WSM 7.5 Firebox to set that option.

Any thoughts on how to protect a profile with a password?  Otherwise, if I leave my laptop unattended (like lending it to a colleague for a few minutes), they can just double click the profile and have 100% admin access to my Trusted network...

Question by:FKoutchouk
    LVL 32

    Expert Comment

    I am sorry but I do not fully follow the configuration options you have mentioned.

    In WSM 7.x we can have extended authentication using Firebox/NT/RADIUS/CrytoCard/SecurID for MUVPN users.

    I have WSM 10.x, for IPSec users I do not see any option to configure profile settings for IPSec/PPTP users.

    Normally if you have configured a MUVPN user; when you double click the .wgx file you are prompted for password entered while creating the file, to load the settings in MUVPN client. After that if you have configured username authentication using external server, as you create .wgx file with group credentials, you would be prompted for username/pasword which is part of that group.

    If possible please provide sanitized screenshots of the configuration options you have listed.

    Thank you.
    LVL 1

    Author Comment

    Under WSM 7.5, in the Remote User, if I Edit a user, a Wizard comes up.  
    First screen is Name and Passphrase
    Second screen is IPSec Tunnel Authentication (use the passphrase of the end-user profile or use a certificate issued by DVCP server)
    Third screen is Allowed Resources and Virtual IP
    Fourth is Tunnel Protection Config (Authentication MD5, Encryption 3DES)
    --> I do not see where to setup extended authentication

    On my other Firebox, under Mobile VPN with IPSec, there is Phase 2 Settings.  I assume it means the same?
    LVL 32

    Accepted Solution

    Phase II and XAUTH are different.

    On 7.4; to configure XAUTH open Policy Manager, go to Setup->Authentication Servers; here configure Active Directory/RADIUS or the external server which you wish to configure.
    After go to Setup->Firewall Authentication; here you specify the authentication to be enabled from. Please note in 7.x the limitation is you can have only one authentication method configured.

    Now in MUVPN, when adding user/group; based on the authentication method you have configured, you would add the user/group as configured.

    Please let know if you need more details.

    Thank you.
    LVL 1

    Author Closing Comment

    Right on!

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now