Mobile VPN with SSL software allows users to connect, disconnect, gather more information about the connection, and exit the client or log out. The Mobile VPN with SSL Client adds an icon to the Windows operating system taskbar or macOS menu bar. You can use this icon toControl client software.
To use Mobile VPN with SSL you must:
- Check the system requirements
- Download client software
- Install the client software
- Connect to your private network
If you can't connect to the Firebox or download the Firebox installer, you canDistribute and manually install Mobile VPN with SSL client software and configuration file.
Client-Computeranforderungen
For information on which operating systems are supported by Mobile VPN with SSL, see the operating system compatibility listFireware-Versionshinweise. For changes to the WatchGuard Mobile VPN with SSL Client, see the Enhancements and Issues Fixed section in theRelease Notes. You can find themRelease Notesfor your version of Fireware OS on theFireware-VersionshinweiseSide.
TLS Requirements
The Firebox and SSLVPN clients negotiate which version of TLS to use for tunnel security. In Fireware v12.5.4 or later, the minimum TLS version accepted is TLS 1.2, which means SSLVPN clients must use TLS 1.2 or later to connect to Firebox.
Windows requirements
To update the Mobile VPN with SSL Windows Client you must have administrator rights.
- If a minor version update is available but you cannot update the client version, you can still connect to the VPN tunnel.
- If a major version update is available but you cannot update the client version, you will not be able to connect to the VPN tunnel.
In Fireware v12.5.3 or later, if the client automatically detects that an update is available but you do not have administrator rights, a message appears prompting you to contact your system administrator for help. If a minor version update is available, you can select the optionDon't show this message againCheck box This check box does not appear if a major version update is available.
In Fireware v12.5.2 or earlier, if the client automatically detects that an update is available, a message prompts you to update. However, if you do not have administrator rights, you cannot update the client.
macOS Requirements
To install the Mobile VPN with SSL client on macOS, you must have administrator rights.
Download client software
You can download the client from the WatchGuard software downloads page or from the Firebox. If your Firebox is managed in the cloud, you can download the client from WatchGuard Cloud.
In Fireware v12.5.5 or later, your web browser must support TLS 1.2 or later to download the client from Firebox.
In Fireware v12.7 or later, you can configure Mobile VPN with SSL to use AuthPoint as the authentication server. AuthPoint is WatchGuard's cloud-based multi-factor authentication solution. If you configure Mobile VPN with SSL to use AuthPoint, users can authenticate through AuthPoint to log in to the Mobile VPN with SSL software download page. For more information, seePlan your mobile VPN with SSL configuration.
To download the client from the Software Downloads page:
- Ve a laSoftware download page.
- Do one of the following:
- Of theSelect a deviceSelect the Firebox hardware model from the drop-down list.
- In the text box, enter the first four digits of the Firebox serial number.
- In the WatchGuard Mobile VPN with SSL Software section, click the Mobile VPN with SSL for Windows or Mobile VPN with SSL for macOS link.
The setup file will be downloaded to your computer.
To download the client from the Firebox:
- Authenticate to the Firebox using an HTTPS connection over the port specified by the administrator. The default port is 443.
Via port 443
https://<Firebox interface IP address>/sslvpn.html
https://<Firebox-Hostname>/sslvpn.html
Via a custom port number
https://<Firebox interface IP address>:<custom port number>/sslvpn.html
https://<firebox hostname>:<custom port number>/sslvpn.html
The authentication web page is displayed.
- write yourusernamejClave.
- If Mobile VPN with SSL is configured to use more than one authentication method, select the authentication server from theDomainthe Dropdown Lists.
The Mobile VPN with SSL download page is displayed.
- Click on thatTo disposeButton for the correct installer for your operating system: Windows (WG-MVPN-SSL.exe) or macOS (WG-MVPN-SSL.dmg).
- Save the file on your computer.
On this page you can also download Mobile VPN with SSL Client Profile for connections from any SSLVPN client that supports .OVPN configuration files. For more information on Mobile VPN with SSL Client Profile, seeUse Mobile VPN with SSL with an OpenVPN client.
To download the client from a cloud-managed Firebox in WatchGuard Cloud, seeDownload, install and connect mobile VPN with SSL client
In Fireware v12.5.4 or later, you can disable the Firebox-hosted software download page. If you disable this page, users will not be able to download Mobile VPN with SSL Client from Firebox. Users can download the client from the WatchGuard website, or you can manually distribute the client to your users. For more information, seePlan your mobile VPN with SSL configuration.
Install the client software
To install the client on Windows:
- double clickWG-MVPN-SSL.exe.
The Mobile VPN with SSL Client setup wizard starts. - Accept the default settings on each wizard screen.
- (Optional) To add a desktop icon or quick launch icon, select the check box in the wizard that corresponds to the option.
- Complete and exit the wizard.
To install the client on macOS:
- Make sure, thatSystem Preferences > Security & PrivacyYour Mac settings allow applications to be downloadedMac App Store and identified developers. This is the default.
- double clickWG-MVPN-SSL.dmg.
A volume named WatchGuard Mobile VPN is created on your desktop. - Double-click the WatchGuard Mobile VPN volumeWatchGuard Mobile VPN mit SSL-Installationsprogramm <Version>.mpkg.
The client installer starts. - Accept the default settings on each installer screen.
- Exit and exit the installer.
After you download and install the client software, the Mobile VPN client software automatically connects to the Firebox. Each time it connects to the Firebox, the client software checks for available configuration updates.
For information about performing an unattended installation so that users do not see any message boxes or prompts, seeMobile VPN unattended installation with SSL clientin the WatchGuard knowledge base.
Connect to your private network
To start the Mobile VPN with SSL client on Windows, do one of the following:
- Of thestart menu, SelectAlle Programme > WatchGuard > Mobiles VPN mit SSL-Client > Mobiles VPN mit SSL-Client.
- Double-click the Mobile VPN with SSL shortcut on your desktop.
- On the quick launch bar, click the Mobile VPN with SSL icon.
To start Mobile VPN with SSLclient on macOS:
- Open a Finder window.
- SelectApplications > WatchGuard.
- Double-click theWatchGuard Mobile VPN mit SSLApplication.
Specify client connection settings
After starting the Mobile VPN with SSL client, to start the VPN connection, you need to provide the authentication server and user account credentials. Mobile VPN with SSL does not support single sign-on (SSO).
ThatServeris the IP address of a Firebox's primary external interface, or an FQDN that resolves to that IP address. When Mobile VPN with SSL is configured on the Firebox to use a different port than the default 443 on the FireboxServertext box, you must enter the IP address or FQDN followed by a colon and the port number. For example, if Mobile VPN is configured with SSL to use port 444 and the primary external IP address is203.0.113.2, the server is203.0.113.2:444.
ThatusernameThe format depends on the authentication server that the user is authenticating against:
- If your Firebox configuration includes multiple authentication servers and you want to authenticate against an authentication server other than the default authentication server, you must specify the authentication server in theusernameThe text box.
- If your Firebox configuration includes multiple authentication servers and you want to authenticate against the default authentication server, you do not need to specify the authentication server in theusernameThe text box.
For example himusernameIt must be formatted in one of the following ways:
How to use the default authentication server
Enter the username. Example:j_smith
How to use a different authentication server
Enter the authentication server name or domain name, and then type a backslash (\) followed by the username.
Active Directory—ad1_example.com\j_smith
Firebox-DB—Firebox-DB\j_smith
authentication point(Fireware v12.7 or higher) —authentication point\jsmith
RADIO(Fireware v12.5 or higher) —rad1.ejemplo.com\j_smithÖRADIO\j_smith. You must enter the domain name specified in the RADIUS configuration on the Firebox.
RADIO(Fireware v12.4.1 or lower) —RADIO\j_smith. You should always writeRADIO.
If your configuration includes a RADIUS server and you upgrade from Fireware v12.4.1 or earlier to Fireware v12.5 or later, the Firebox uses it automaticallyRADIOas the domain name for this server. To authenticate with this server, you must enterRADIOlike the domain name. In this case, if you enter a non-RADIUS domain name, authentication will fail.
To connect to your private network from Mobile VPN with SSL client:
- insideServerIn the text box, enter or select the IP address or name of the Firebox to connect to.
By default, the last connected IP address or server name is selected. - insideusernameIn the text box, enter the username.
If Mobile VPN with SSL is configured on the Firebox to use multiple authentication methods, provide the authentication server or domain name before the username. For example,ad1_example.com\j_smith. - insideClaveIn the text box, enter the password for your user account.
The client remembers the password if the administrator has configured the authentication settings to allow it. - clickConnect.
If the connection between the SSL Client and the Firebox is momentarily lost, the SSL Client will attempt to reconnect.
For information on how to solve connection problems, seeTroubleshooting Mobile VPN with SSL.
More connection options
Two other connection options are only available on the client if the administrator has enabled them on the device you are connecting to.
Reconnect automatically
ChooseReconnect automaticallySelect the check box if you want Mobile VPN with SSL Client to automatically reconnect when the connection is lost.
remember password
Chooseremember passwordCheck the box if you want Mobile VPN with SSL Client to remember the password you entered the next time you connect.
Mobile VPN with SSL client control
When Mobile VPN is running with SSL client, the WatchGuard Mobile VPN with SSL icon appears in the system tray (Windows) or on the right side of the menu bar (macOS). The type of magnifying glass icon displayed indicates the status of the VPN connection.
Window:
-
— The VPN connection is not established. - — The VPN connection is established. You can securely connect to resources behind the firebox.
- — The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
- — The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.
— The VPN connection is not established.
— The VPN connection is established. You can securely connect to resources behind the firebox.
— The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
— The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.MacOS:
- — The VPN connection is not established.
- — The VPN connection is established. You can securely connect to resources behind the firebox.
- — The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
- — The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.
— The VPN connection is not established.
— The VPN connection is established. You can securely connect to resources behind the firebox.
— The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
— The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.macOS (Dunkelmodus):
- — The VPN connection is not established.
- — The VPN connection is established. You can securely connect to resources behind the firebox.
- — The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
- — The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.
— The VPN connection is not established.
— The VPN connection is established. You can securely connect to resources behind the firebox.
— The client is in the process of connecting or disconnecting. The letter “W” in the icon is pulsing.
— The client cannot connect to the server. Make sure the server's IP address, username, and password are correct. For further troubleshooting, check the Mobile VPN with SSL client logs.To view the list of client controls, right-click the Mobile VPN with SSL icon in the system tray (Windows) or click the Mobile VPN with SSL icon in the menu bar (macOS ). You can choose between these actions:
Disconnect connect
Start or stop Mobile VPN connection with SSL.
condition
View the status of mobile VPN with SSL connection.
View logs
Open the connection log file.
Characteristics
Windows — SelectStart program at startupto start the client when Windows starts. Enter a number forlog levelto change the level of detail included in the logs.
macOS: Shows detailed information about Mobile VPN with SSL connection. You can also set the logging level.
Show connection time (macOS only)
Select this option to show the elapsed connection time in the macOS menu bar.
Show status when connected (macOS only)
Select this option to show the connection status in the macOS menu bar.
An
The WatchGuard Mobile VPN dialog opens with information about the client software.
Exit (Windows) or Quit (macOS)
Disconnect from the Firebox and shut down the client.
See also
Uninstall mobile VPN with SSL client
Troubleshooting Mobile VPN with SSL
Mobile VPN unattended installation with SSL client
©2022WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are either registered trademarks or trademarks of WatchGuard Technologies in the US and/or other countries. Various other marks are the property of their respective owners.