Additional Mobile VPN Topics
Mobile User VPN
Terminating IPSec connections
To fully stop VPN connections, the Firebox must be restarted. Removing the IPSec policy does not stop
current connections.
Global VPN settings
Global VPN settings on your Firebox apply to all manual BOVPN tunnels, managed tunnels, and Mobile
VPN tunnels. You can use these settings to:
• Enable IPSec pass-through.
• Clear or maintain the settings of packets with Type of Service (TOS) bits set.
• Use an LDAP server to verify certificates.
To change these settings, from Policy Manager, select VPN > VPN Settings. For more information on
these settings, see the Basic Configuration Setup chapter in the WatchGuard System Manager User
Guide.
Seeing the number of Mobile VPN licenses
To see the number of Mobile VPN licenses that are installed, from Policy Manager, select
Setup > Feature Keys. From the Firebox Feature Keys dialog box, click Active Features. Scroll down
to the value MUVPN_USERS and look at the number in the Capacity column. This is the number of
installed Mobile VPN licenses.
Purchasing additional Mobile VPN licenses
WatchGuard Mobile VPN with IPSec is an optional feature. Each Firebox X device includes a number of
Mobile VPN licenses. You can purchase more licenses for Mobile VPN.
Licenses are available through your local reseller or at:
http://www.watchguard.com/sales
Adding feature keys
For information on adding feature keys, see “Working with Feature Keys” in the WatchGuard System
Manager User Guide.
Mobile VPN and VPN failover
You can configure VPN tunnels to fail over to a backup endpoint if the primary endpoint becomes
unavailable. For more information on VPN failover, see the WatchGuard System Manager User Guide.
If VPN failover is configured and failover occurs, Mobile VPN sessions do not continue. You must
authenticate your Mobile VPN client again to make a new Mobile VPN tunnel.
To configure VPN failover for Mobile VPN tunnels, on the General tab of the Edit MUVPN Extended
Authentication Group dialog box, enter a backup WAN interface in the Backup field in the Firebox IP
box. You can specify only one backup interface for tunnels to fail over to, even if you have additional
WAN interfaces.