pramod1
asked on
VPN
I have a WatchGuard X550e in my office.
I want to set up a VPN policy for my users so that they can access their e-mail remotely.
We have Windows Server 2010 and Outlook 2007 as clients.
They are currently using RDC, which is on a terminal server.
I want to implement a VPN policy in my organization.
I am new to VPN and WatchGuard.
1) Which kind of policy should I implement?
2) What configuration do I have to do in Policy Manager?
ASKER
I am running Fireware v10.2.6.
My IP is 192.168.1.1.
I have Outlook 2007 running on workstations and want remote users to log in to the VPN and open Outlook
as well as print to the local printer which is attached to their machines.
In RDC they cannot print to their local printer as they are connected remotely to the terminal server.
When connected to the VPN they can open Outlook on their machine and print locally.
OK, SSL is not implemented in 10.2.6, so step 1 is definitely to upgrade to 11.3.2+. There are MAJOR new features and functionality.
What is your internal mail server? Exchange 2003, 2007, 2010, MDaemon, etc...? You still may not need VPN.
~Jon
ASKER
Exchange 2010 Standard.
How come SSL is not implemented in 10.2.6?
Why won't I need VPN?
Jon, can you reply?
With Exchange 2007 and 2010, you can really easily implement Outlook Anywhere which would allow Outlook clients to connect DIRECTLY to the mail server using a public SSL cert ($100/yr) and no VPN. They would have 100% full functionality within Outlook and no need for the VPN.
SSL implementation is new to WG. I don't recall if it was there in 10.2 or if it was a new feature of v11. However, it definitely did not work well until 11.3. Under your circumstances, I would not recommend it as the best solution though.
Set up Outlook Anywhere and be done. For Outlook Anywhere assistance, I would open a new question. But the long and short of it is...
1) Configure Outlook Anywhere in Exchange. Same type of configuration as ActiveSync.
2) Purchase the cert
3) Request a cert from the CA with the CSR generated from Exchange
4) Install the cert in Exchange
5) Create a DNS entry for Autodiscover.{domain name}.com to point to your external IP, which should be the same as OWA and also the same as your MX record.
6) Create an HTTPS rule in the firewall to direct HTTPS traffic from the public IP to your Exchange server.
7) Should be done. Also, your iPhones, Androids, Blackberries, Windows Mobile devices will all work better.
~Jon
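A pre-flight check for steps 3 to 6 above, as an added example that is not part of the original answer: it confirms that the certificate covers both the external Outlook Anywhere host and the Autodiscover name, and that both names resolve to the same public IP. The function names, `example.com`, `mail.example.com` and `203.0.113.10` are constructed for illustration.

```python
import socket
import ssl


def san_covers(hostname, san_names):
    """True if a SAN entry matches; '*' counts only as the whole left-most label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in san_names):
        if san == host:
            return True
        head, _, tail = host.partition(".")
        if san.startswith("*.") and head and tail == san[2:]:
            return True
    return False


def preflight(domain, external_host, san_names, resolved):
    """Return a list of problems; an empty list means DNS and certificate agree.

    resolved maps hostname -> IP string, or None when the lookup failed.
    """
    problems = []
    names = (external_host, "autodiscover." + domain)
    for name in names:
        if not san_covers(name, san_names):
            problems.append("certificate does not cover " + name)
        if not resolved.get(name):
            problems.append(name + " does not resolve")
    if len({resolved.get(n) for n in names} - {None}) > 1:
        problems.append("autodiscover and external host resolve to different IPs")
    return problems


def live_inputs(domain, external_host, port=443, timeout=5):
    """Fetch the served certificate's DNS SANs and both A records (needs network)."""
    resolved = {}
    for name in (external_host, "autodiscover." + domain):
        try:
            resolved[name] = socket.gethostbyname(name)
        except OSError:
            resolved[name] = None
    ctx = ssl.create_default_context()  # also validates chain and hostname
    with socket.create_connection((external_host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=external_host) as tls:
            sans = [v for k, v in tls.getpeercert().get("subjectAltName", ()) if k == "DNS"]
    return sans, resolved


if __name__ == "__main__":
    # Constructed sample: the certificate was requested without the autodiscover name.
    sample_dns = {"mail.example.com": "203.0.113.10", "autodiscover.example.com": "203.0.113.10"}
    print(preflight("example.com", "mail.example.com", ["mail.example.com"], sample_dns))
```

Run `live_inputs` from outside the office network once the HTTPS rule is in place and pass its two results to `preflight`.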
Log in to the Firebox and, on the left, open "VPN". Click Mobile VPN with SSL.
Check the enable VPN checkbox. Enter all of the required information as needed. On the advanced tab enter your internal DNS server IP.
Be sure to create user accounts on the firewall for each person that will want access to the VPN.
The users who wish to access the VPN will now need to install the client and use it to connect. You should be able to download the client here: https://<YourFireboxIP>:4100. Just plug your firewall's IP in where it says <YourFireboxIP>. Users will need to log in using the credentials you specified when creating their user on the firewall.
Don't try to test VPN connectivity from behind your firewall, as this will most likely fail. Set it all up and test from another network, such as your home.