WatchGuard
Mobile VPN
Create secure connections to your corporate network.
Virtual Private Networks (VPNs) are the most effective way to keep your business communications over the Internet private and secure. WatchGuard® products are capable of delivering strong encryption to protect VPN connections and IPSec tunnel routing, which reduces the complexity of managing multiple VPN tunnels.
What is a VPN?
Virtual Private Networking (VPN) uses cryptography to scramble data so it's unreadable while traveling over the Internet, thus providing privacy over public lines. Deploying VPNs enables businesses to deliver secure, encrypted connectivity for traveling employees, remote offices, and telecommuters who require access to critical corporate network resources including email, network drives, and intranet resources.
WatchGuard Integrated Mobile VPN Client Overview:
- The right product for businesses that want an all-in-one security solution combining firewall with VPN for secure site-to-site connectivity, as well as secure remote access for some mobile users.
- Multiple VPN choices are built into all WatchGuard XTM and Firebox X e-Series appliances for flexibility in secure connectivity
- Branch Office VPN allows secure site-to-site connectivity over IPSec
- Easy drag-and-drop VPN setup – three clicks and the remote office is connected
- Includes Mobile VPN clients – using IPSec or SSL – for secure remote connectivity
- Pairing VPN capabilities with a strong firewall allows for streamlined administration
- These solutions have optional security subscriptions that boost protection in critical attack areas, providing comprehensive and unified threat management
VPN Capability:
All WatchGuard® XTM and Firebox® X e-Series appliances support:
- Mobile VPN PPTP Clients
- Mobile VPN IPSec Clients
- Mobile VPN SSL Clients
- Branch Office VPN with IPSec
VPN Support:
WatchGuard offers Mobile VPN and Branch Office VPN support.
Mobile VPN - WatchGuard Mobile VPN gives your traveling employees and telecommuters a secure connection to your corporate network. This cost-effective solution allows you to use a standard Internet connection, eliminating expensive long-distance charges. By deploying Mobile VPNs from your centrally managed security appliance, you also save time and money by eliminating the need to maintain dedicated modem banks and remote access servers.
Three types of Mobile VPN are available, PPTP Client, NCP® Client, and SSL.
- PPTP Client - A standard component of Firebox® X, Firebox® X e-Series this version Mobile User VPN utilizes the widely accepted Point-to-Point Tunneling Protocol (PPTP) bundled with most Microsoft Operating systems.
How PPTP Works - A PPTP tunnel is established using the Dial-Up Networking dialog on a Windows workstation. Remote users are authenticated using MS-CHAP against a user/password list maintained in the Firebox configuration or on a separate Radius authentication server. MS-CHAP relies on a challenge-response mechanism that prevents the client's password from being passed across the Internet.
Once the tunnel is established, all data exchanged between the Firebox and the remote client is encrypted using RSA RC4 encryption standards. The Firebox decrypts and filters each packet according to configured rules. You also have the option to log all Remote VPN traffic to your log server.
-
NCP® Client (IPSec) - NCP® client software runs on any Windows® 2000/XP or Windows NT® workstation, and is available on all Firebox® X and Firebox X e-Series firewalls. This is the most efficient way to deploy MVPNs for your mobile workforce.
-
SSL - SSL (Secure Sockets Layer) VPN is a convenient remote access method that offers strong security and easy access from practically anywhere that Internet access is available. Mobile VPN with SSL is available on all Firebox® X e-Series appliances, with number of tunnels varying by model and whether the Pro upgrade is present. Supported clients include Microsoft Windows Vista, XP, and 2000 (32-bit); and Mac OS X versions 10.3 through Leopard.
Branch Office VPN with IPS - WatchGuard Branch Office VPN is a standard component of all Firebox® X and Firebox® X e-Series models to give you secure communications between your offices and your trading partners.
-
IPSec - WatchGuard Branch Office VPN is compliant with current IPSec standards. IPSec Branch Office VPN capability establishes encrypted tunnels between a Firebox and any other IPSec-compliant security device - for example, devices used at branch offices, trading partners, or supplier locations - regardless of brand.
Firebox® X and Firebox® X Edge devices are designed to work together seamlessly through WatchGuard System Manager, which deploys VPNs between Firebox devices with drag-n-drop simplicity. This saves you time and resources as you set up and manage your branch office connections with ease.
| WatchGuard VPN Specifications: | |
|---|---|
| Configuration | Easy point-and-click with VPN Manager, or manual configuration |
| Encryption Algorithm | RSA RC4 standard, DES-CBC or 3DES-CBC, AES (128, 192, 256) |
| Authentication Algorithm | SHA1, Internet Key Exchange (IKE) Manual Key Negotiation, Phase I Negotiation |
| Mobile VPN with PPTP Tunnel | RSA 40-bit encryption RSA RC4 128-bit encryption |
| Mobile VPN with IPSec Tunnel Encryption | DES, 3DES, AES (128, 192, 256) |
| Mobile VPN with SSL Tunnel Encryption | DES, 3DES, AES (128-, 192-, 256), Blowfish |
| User Authentication | WatchGuard Firewall Authentication, RADIUS, SecurID, LDAP, Active Directory |
| VPN Authentication | IPSec: SHA1 SSL: SHA, SHA1, SHA256, SHA512 PPTP: MS-CHAP |
| Mobile VPN (IPSec) Client OS Support | Vista 32 and 64 bit XP (32 and 64 bit) |
| Mobile VPN (SSL) Client OS Support | Vista 32 bit XP 32 bit (can support 64 bit in 32 bit mode) Windows 2000 Mac OS X, 10.3 through Leopard |
| Maximum VPN Tunnels by Product: | |
| XTM Series: | |
| XTM 1050 | 7,000 Branch Office VPNs 15,00 Mobile VPN (IPSec) Tunnels 15,000 Mobile VPN (SSL) Tunnels |
| XTM 830 | 6,000 Branch Office VPNs 8,000 Mobile VPN (IPSec) Tunnels** 6,000 Mobile VPN (SSL) Tunnels |
| XTM 820 | 2,000 Branch Office VPNs 6,000 Mobile VPN (IPSec) Tunnels** 4,000 Mobile VPN (SSL) Tunnels |
| XTM 810 | 1,000 Branch Office VPNs 2,000 Mobile VPN (IPSec) Tunnels** 1,000 Mobile VPN (SSL) Tunnels |
| XTM 530 | 600 Branch Office VPNs 1,000 Mobile VPN (IPSec) Tunnels** 600 Mobile VPN (SSL) Tunnels* |
| XTM 520 | 200 Branch Office VPNs 300 Mobile VPN (IPSec) Tunnels** 300 Mobile VPN (SSL) Tunnels* |
| XTM 510 | 75 Branch Office VPNs 100 Mobile VPN (IPSec) Tunnels** 75 Mobile VPN (SSL) Tunnels* |
| XTM 505 | 65 Branch Office VPNs 75 Mobile VPN (IPSec) Tunnels** 65 Mobile VPN (SSL) Tunnels* |
| XTM 23/XTM 23-W | 50 Branch Office VPNs 55 Mobile VPN (IPSec) Tunnels** 55 Mobile VPN (SSL) Tunnels* |
| XTM 22/XTM 22-W | 20 Branch Office VPNs 25 Mobile VPN (IPSec) Tunnels** 25 Mobile VPN (SSL) Tunnels* |
| XTM 21/XTM 21-W | 5 Branch Office VPNs 11 Mobile VPN (IPSec) Tunnels** 11 Mobile VPN (SSL) Tunnels* |
| Legacy Firebox Series: | |
| Firebox® X8500e | 750 Branch Office VPNs 600 Mobile VPN (IPSec) Tunnels 6,000 Mobile VPN (SSL) Tunnels |
| Firebox® X8500e-F | 750 Branch Office VPNs 600 Mobile VPN (IPSec) Tunnels 6,000 Mobile VPN (SSL) Tunnels |
| Firebox® X6500e | 750 Branch Office VPNs 600 Mobile VPN (IPSec) Tunnels 4,000 Mobile VPN (SSL) Tunnels |
| Firebox® X5500e | 750 Branch Office VPNs 600 Mobile VPN (IPSec) Tunnels 1,000 Mobile VPN (SSL) Tunnels |
| Firebox® X1250e | 600 Branch Office VPNs 400 Mobile VPN (IPSec) Tunnels 500 Mobile VPN (SSL) Tunnels* |
| Firebox® X750e | 100 Branch Office VPNs 100 Mobile VPN (IPSec) Tunnels** 300 Mobile VPN (SSL) Tunnels* |
| Firebox® X550e | 45 Branch Office VPNs** 75 Mobile VPN (IPSec) Tunnels** 75 Mobile VPN (SSL) Tunnels* |
| Firebox® X55e/X55e-W | 25 Branch Office VPNs 55 Mobile VPN (IPSec) Tunnels** 55 Mobile VPN (SSL) Tunnels* |
| Firebox® X20e/X20e-W | 15 Branch Office VPNs 25 Mobile VPN (IPSec) Tunnels** 25 Mobile VPN (SSL) Tunnels* |
| Firebox® X10e/X10e-W | 5 Branch Office VPNs 11 Mobile VPN (IPSec) Tunnels** 11 Mobile VPN (SSL) Tunnels* |
*Pro upgrade for the Fireware OS is required for maximum SSL VPN tunnels
**License purchase required for maximum number of tunnels

