beautypg.com

Terminating ipsec connections, Global vpn settings, Seeing the number of mobile vpn licenses – WatchGuard VPN v10.0 User Manual

Page 24: Purchasing additional mobile vpn licenses, Adding feature keys, Mobile vpn and vpn failover

background image

Additional Mobile VPN Topics

22

Mobile User VPN

Terminating IPSec connections

To fully stop VPN connections, the Firebox must be restarted. Removing the IPSec policy does not stop
current connections.

Global VPN settings

Global VPN settings on your Firebox apply to all manual BOVPN tunnels, managed tunnels, and Mobile
VPN tunnels. You can use these settings to:

Enable IPSec pass-through.

Clear or maintain the settings of packets with Type of Service (TOS) bits set.

Use an LDAP server to verify certificates.

To change these settings, from Policy Manager, select VPN > VPN Settings. For more information on
these settings, see the Basic Configuration Setup chapter in the WatchGuard System Manager User
Guide
.

Seeing the number of Mobile VPN licenses

To see the number of Mobile VPN licenses that are installed, from Policy Manager, select

Setup > Feature Keys. From the Firebox Feature Keys dialog box, click Active Features. Scroll down
to the value MUVPN_USERS and look at the number in the Capacity column. This is the number of
installed Mobile VPN licenses.

Purchasing additional Mobile VPN licenses

WatchGuard Mobile VPN with IPSec is an optional feature. Each Firebox X device includes a number of
Mobile VPN licenses. You can purchase more licenses for Mobile VPN.

Licenses are available through your local reseller or at:

http://www.watchguard.com/sales

Adding feature keys

For information on adding feature keys, see “Working with Feature Keys” in the WatchGuard System
Manager User Guide
.

Mobile VPN and VPN failover

You can configure VPN tunnels to fail over to a backup endpoint if the primary endpoint becomes
unavailable. For more information on VPN failover, see the WatchGuard System Manager User Guide.

If VPN failover is configured and failover occurs, Mobile VPN sessions do not continue. You must
authenticate your Mobile VPN client again to make a new Mobile VPN tunnel.

To configure VPN failover for Mobile VPN tunnels, on the General tab of the Edit MUVPN Extended
Authentication Group
dialog box, enter a backup WAN interface in the Backup field in the Firebox IP
box. You can specify only one backup interface for tunnels to fail over to, even if you have additional
WAN interfaces.