WatchGuard Technologies Firebox™ System 4.6 User Manual

 - From: Selected
 - To: pptp_users or ipsec_users
Configuring the Firebox for Remote User PPTP
Configuring the Firebox for Remote User PPTP requires that you perform the 
following:
• Enter IP addresses and networks used for clients
• Add usernames to the built-in Firebox User group pptp_users
• Activate the Remote User PPTP feature
• Configure service properties using pptp_users
• Verify WINS and DNS server settings
Activating Remote User PPTP
The first step in configuring Remote User PPTP is to activate the feature. Activating 
Remote User PPTP adds the wg_pptp service icon to the Services Arena. The icon is 
visible only in the Advanced view of Policy Manager. The wg_pptp icon rarely 
requires modification. WatchGuard recommends leaving wg_pptp in its default 
settings. From Policy Manager:
1. Select Network => Remote User. Click the PPTP tab.
2. Enable the Activate Remote User checkbox.
3. If necessary, enable the Enable Drop from 128-bit to 40-bit checkbox.
   In general, the encryption drop control is used only by international customers.
Entering IP addresses for Remote User sessions
Remote User PPTP supports only 50 concurrent sessions, but you can configure a 
virtually unlimited number of client computers. The Firebox dynamically assigns an 
open IP address to each incoming RUVPN session from a pool of available addresses 
until this number is reached. After the user closes a session, the address reverts to the 
available pool and can be assigned to the next user who attempts to log on.
Use Policy Manager to assign individual addresses or a single network to the 
available pool. The safest method is to fabricate a Secondary Network address (see 
“Adding a secondary network” on page 38) and choose the IP addresses from that 
network range. That way, you draw from a range of addresses already declared to 
Policy Manager, but which cannot clash with real host addresses in use behind the 
Firebox. Using this method, you must also configure the client machine to use the 
default gateway on the remote host (see “Configuring the remote host for RUVPN 
with PPTP” on page 145).
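Before entering a pool in Policy Manager, the no-clash property described above can be checked offline. The following is an added example, not WatchGuard code or part of the original manual; the function names and all addresses are constructed assumptions, and the only value taken from the manual is the 50-session limit.

```python
import ipaddress

MAX_SESSIONS = 50  # concurrent Remote User PPTP sessions (limit stated above)

def expand_pool(entries):
    """Expand pool entries (single addresses or a CIDR network) into a set."""
    pool = set()
    for entry in entries:
        if "/" in entry:
            pool.update(ipaddress.ip_network(entry).hosts())
        else:
            pool.add(ipaddress.ip_address(entry))
    return pool

def check_pool(entries, secondary_net, real_nets, hosts_in_use):
    """Return (findings, capacity); an empty findings list means no clash."""
    pool = expand_pool(entries)
    secondary = ipaddress.ip_network(secondary_net)
    real = [ipaddress.ip_network(n) for n in real_nets]
    in_use = {ipaddress.ip_address(h) for h in hosts_in_use}
    findings = [f"secondary network {secondary} overlaps real network {n}"
                for n in real if secondary.overlaps(n)]
    for addr in sorted(pool):
        if addr not in secondary:
            findings.append(f"{addr}: outside secondary network {secondary}")
        findings += [f"{addr}: inside real network {n}" for n in real if addr in n]
        if addr in in_use:
            findings.append(f"{addr}: already used by a real host")
    # Sessions that can be up at once: bounded by the pool and the 50 limit.
    return findings, min(len(pool), MAX_SESSIONS)

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    for pool in (["192.168.113.0/26"], ["10.0.1.20", "192.168.113.10", "172.16.5.5"]):
        findings, capacity = check_pool(
            pool, "192.168.113.0/24", ["10.0.1.0/24"], ["10.0.1.20"])
        print(pool, "-> capacity", capacity)
        for line in findings or ["no clashes found"]:
            print("  ", line)
```

A pool smaller than 50 addresses lowers the number of simultaneous sessions below the Firebox limit, which is why the capacity is reported alongside the clash findings.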
If you want to set up RUVPN for users behind a Firebox (connecting to 
another Firebox), they must be on a public subnet, and the wg_pptp service 
icon must be added in the Services Arena. Or, create a BOVPN tunnel.