<![CDATA[ ]]>
Related Topics
The Mobile VPN with SSL software enables users to connect, disconnect, gather more information about the connection, and to exit or quit the client. The Mobile VPN with SSL client adds an icon to the system tray on the Windows operating system, or an icon in the menu bar on Mac OS X. You can use this icon to control the client software.
To use Mobile VPN with SSL, you must:
- Verify system requirements
- Download the client software
- Install the client software
- Connect to your private network
If you are unable to connect to the Firebox, or cannot download the installer from the Firebox, you can Manually Distribute and Install the Mobile VPN with SSL Client Software and Configuration File.
Client Computer Requirements
For information about which operating systems are compatible with your Mobile VPN with SSL Client, see the Operating System Compatibility list in the Fireware Release Notes. You can find the Release Notes for your version of Fireware OSon the Fireware Release Notes page of the WatchGuard website.
To install the Mobile VPN with SSLclient on Mac OS X, you must have administrator privileges.
To use the Mobile VPN with SSLclient to connect, the client computer must support TLS 1.1 or higher. Windows 7 does not enable this by default.
To enable TLS 1.1 and TLS1.2 in Windows 7:
- Open the Windows Control Panel.
- Select Internet Options > Advanced.
- Select the Use TLS 1.1 and Use TLS1.2 check boxes.
Mac OSX 10.6, 10.7, 10.8, Windows XPand Windows Vista do not support TLS 1.1. Mobile VPN with SSLconnections are not supported from these operating systems.
Download the Client Software
To download the client software, you authenticate to the Firebox with an HTTPS connection over port 443 unless you configured a custom port number.
- Connect to one of these addresses with a web browser:
Over port 443
https://<device interface IP address>/sslvpn.html
https://<device host name>/sslvpn.html
Over a custom port number
https://<device interface IP address>:<custom port number>/sslvpn.html
https://<device host name>:<custom port number>/sslvpn.html
The authentication web page appears. <![CDATA[ ]]>
- Type your Username and Password.
- If Mobile VPN with SSLis configured to use more than one authentication method, select the authentication server from the Domain drop-down list.
For a WatchGuard device that uses Fireware XTMv11.8.x or lower, the Domain drop-down list does not appear. If your user account is from an authentication server other than the server specified as the default authentication server, when you type the user name in the Username text box, you must also specify the authentication server. For example:- If RADIUS is the authentication server — radius\j_smith
- If the Active Directory server ad1_example.com is the authentication server — ad1_example.com\j_smith
- If Firebox-DB is the authentication server — Firebox-DB\j_smith
The Mobile VPN with SSLdownload page appears.
- Click the Download button for the correct installer for your operating system: Windows (WG-MVPN-SSL.exe) or Mac OS X (WG-MVPN-SSL.dmg).
- Save the file to your computer.
From this page, you can also download the Mobile VPN with SSLclient profile for connections from any SSLVPN client that supports .OVPN configuration files. For more information about the Mobile VPN with SSLclient profile, see Use Mobile VPN with SSL with an OpenVPN Client.
Install the Client Software
Microsoft Windows
- Double-click WG-MVPN-SSL.exe.
The Mobile VPN with SSL client Setup Wizard starts. - Accept the default settings on each screen of the wizard.
- (Optional) To add a desktop icon or a Quick Launch icon, select the check box in the wizard that matches the option.
- Finish and exit the wizard.
Mac OS X
- Make sure that the System Preferences > Security and Privacy settings on your Mac allow apps downloaded from Mac App Store and identified developers. This is the default setting.
- Double-click WG-MVPN-SSL.dmg.
A volume named WatchGuard Mobile VPN is created on your desktop. - In the WatchGuard Mobile VPN volume, double-click WatchGuard Mobile VPN with SSL Installer <version>.mpkg.
The client installer starts. - Accept the default settings on each screen of the installer.
- Finish and exit the installer.
After you download and install the client software, the Mobile VPN client software automatically connects to the Firebox. Each time you connect to the Firebox, the client software verifies whether any configuration updates are available.
Connect to Your Private Network
Microsoft Windows
To start the Mobile VPN with SSL client:
- From the Start Menu, select All Programs > WatchGuard > Mobile VPN with SSL client > Mobile VPN with SSL client.
- Double-click the Mobile VPN with SSL shortcut on your desktop.
- Click the Mobile VPN with SSL icon in the Quick Launch toolbar.
Mac OS X
To start the Mobile VPN with SSLclient on Mac OS X:
- Open a Finder window.
- Select Applications > WatchGuard.
- Double-click the WatchGuard Mobile VPN with SSL application.
Complete the Client Connection
After you have started the Mobile VPN with SSL Client, to start the VPN connection, you must specify the authentication server and user account credentials.
The Server is the IP address of the primary external interface of a Firebox. If Mobile VPN with SSLon the Firebox is configured to use a port other than the default port 443, in the Server text box, you must type the primary external interface followed by a colon and the port number. For example, if Mobile VPN with SSL is configured to use port 444, and the primary external IPaddress is 203.0.113.2, the Server is 203.0.113.2:444.
The User name can include the authentication server and user name of the user account. If Mobile VPN with SSL on the Firebox is configured to use multiple authentication methods, user accounts from an authentication server other than the server specified as the default authentication server must specify the authentication server or domain as part of the user name.
The user name must be in one of these formats:
Use the default authentication server
In the User name text box, type the user name.
Example: j_smith
Use another authentication server
In the User name text box, type <authentication server>\<user name>.
Examples:
- If RADIUS is the authentication server — radius\j_smith
- If the Active Directory server ad1_example.com is the authentication server —ad1_example.com\j_smith
- If Firebox-DB is the authentication server —Firebox-DB\j_smith
SSL client users must specify their user account credentials. Mobile VPN with SSLdoes not support Single Sign-On (SSO). If the connection between the SSL client and the Firebox is temporarily lost, the SSL client tries to establish the connection again.
To connect to your private network from the Mobile VPNwith SSL client:
- In the Server text box, type or select the address of the Firebox to connect to.
The IPaddress of the server you most recently connected to is selected by default. - In the User name text box, type the user name.
If Mobile VPN with SSL on the Firebox is configured to use multiple authentication methods, you can specify the authentication server or domain name with the user name. For example, radius\j_smith. - In the Password text box, type the password for your user account.
The client can remember the password, if the administrator configures the authentication settings to allow it. - Click Connect.
If users cannot connect to the VPN, check for these common causes:
- Incorrect DNS settings
- Incorrect user group settings
- Disabled, deleted, or misconfigured policies
- IP address pool overlap
Other Connection Options
Two other connection options are available in the client only if the administrator has enabled them on the device you connect to.
Automatically reconnect
Select the Automatically reconnect check box if you want the Mobile VPN with SSLclient to automatically reconnect when the connection is lost.
Remember password
Select the Remember password check box if you want the Mobile VPN with SSL client to remember the password you typed for the next time you connect.
Mobile VPN with SSL Client Controls
When the Mobile VPN with SSL client runs, the WatchGuard Mobile VPN with SSL icon appears in the system tray (Windows) or on the right side of the menu bar (Mac OS X). The type of magnifying glass icon that appears shows the VPN connection status.
Windows:
-
— The VPN connection is not established. - — The VPN connection has been established. You can securely connect to resources behind the Firebox.
- — The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
- — The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL.
— The VPN connection is not established.
— The VPN connection has been established. You can securely connect to resources behind the Firebox.
— The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
— The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL. Mac OS X:
- — The VPN connection is not established.
- — The VPN connection has been established. You can securely connect to resources behind the Firebox.
- — The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
- — The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL.
— The VPN connection is not established.
— The VPN connection has been established. You can securely connect to resources behind the Firebox.
— The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
— The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL. Mac OS X (Dark Mode):
- — The VPN connection is not established.
- — The VPN connection has been established. You can securely connect to resources behind the Firebox.
- — The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
- — The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL.
— The VPN connection is not established.
— The VPN connection has been established. You can securely connect to resources behind the Firebox.
— The client is in the process of connecting or disconnecting. The "W" letter in the icon pulsates.
— The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL. To see the client controls list, right-click the Mobile VPN with SSL icon in the system tray (Windows), or click the Mobile VPN with SSL icon in the menu bar (Mac OS X). You can select from these actions:
Connect/Disconnect
Start or stop the Mobile VPN with SSL connection.
Status
See the status of the Mobile VPN with SSL connection.
View Logs
Open the connection log file.
Properties
Windows — Select Launch program on startup to start the client when Windows starts. Type a number for Log level to change the level of detail included in the logs.
Mac OS X — Shows detailed information about the Mobile VPN with SSLconnection. You can also set the log level.
Show Time Connected (Mac OSXonly)
Select to display the elapsed connection time on the Mac OS X menu bar.
Show Status While Connecting (Mac OSXonly)
Select to display the connection status on the Mac OS X menu bar.
About
The WatchGuard Mobile VPN dialog box opens with information about the client software.
Exit (Windows) or Quit (Mac OS X)
Disconnect from the Firebox and shut down the client.
See Also
Uninstall the Mobile VPN with SSL Client
Give Us Feedback• Get Support• All Product Documentation• Technical Search
© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.
