Setting up each necessary component was easy, the only difficulty with WatchGuard itself was that users who had older version of the VPN client had to uninstall older version before they could install and use the latest client version. IPsec tends to support more clients because of the crypto hardware. Implemented multi-factor authentication using WatchGuard Mobile VPN with SSL, using RADIUS and Google Authenticator. 2 and 3 series devices (as well as older models) start with 5 users and can be upgraded to a max that varies by model, newer 5-series and up just have a number that varies by model. IPsec is licensed with "user packs", sometimes. SSL VPN is licensed with pro, if your device has pro, you have the max number of SSL clients (this varies by model) Once the client is installed the vpn profile needs to be delivered to the client. The IPsec client distributed by WatchGuard is the 2.2.0 Shrew Client released, 2.2.2 is available on as of. If they are an iOS or Android user with OpenVPN Connect they can download the. From here they can download the SSL VPN client for Window or Mac. The SSL VPN client can be installed by going to and logging in using the SSL VPN user's credentials. Installation and deploying profiles: (advantage SSL) The XTM devices have crypto hardware for IPsec only, SSL is handled by the CPU, as a result SSL could be slower depending on CPU usage in your environment. I tend to recommend what works for you in your environment. Running both SSL and IPsec shouldn't cause conflicts unless you configured the same virtual IP pools on both, I can't think of any other potential conflict.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |