When the SA Life is set to 8 hours, WatchGuard IPSec Mobile VPN clients rekey after 8 hours, but the VPN client on the macOS or iOS device uses the smaller rekey value of 1 hour. To use this VPN profile for all supported VPN clients, set the SA Life to 8 hours. If this profile is only used for connections by VPN clients on macOS or iOS devices, set the SA Life to 1 hour to match the client setting. The VPN client on the macOS or iOS device is configured to rekey after 1 hour. In the Phase 1 Settings section, click Advanced.From the Encryption drop-down list, select an encryption method.From the Authentication drop-down list, select an authentication method.Select Use the passphrase of the end user profile as the pre-shared key.In the Firebox IP Addresses section, type the primary external IP address or domain name to which Mobile VPN users in this group can connect.Type and confirm the Passphrase to use for this tunnel.For more information, see Configure the External Authentication Server. If you use Active Directory as your authentication server, the users must belong to an Active Directory security group with the same name as the group name you configure for Mobile VPN with IPSec. If you create a Mobile VPN user group that authenticates to an external authentication server, make sure you create a group on the server with the same name you specified in the wizard for the Mobile VPN group. Make sure that the method of authentication you select is enabled. You can authenticate users to the Firebox (Firebox-DB) or to a RADIUS, VASCO, SecurID, LDAP, or Active Directory server. From the Authentication Server drop-down list, select an authentication server.Make sure the name is unique among VPN group names, as well as all interface and VPN tunnel names. You can type the name of an existing group, or the name for a new Mobile VPN group. In the Name text box, type the name of the authentication group your macOS or iOS VPN users belong to.The Mobile VPN with IPSec Settings page appears. (Fireware v12.2.1 or lower) Select VPN > Mobile VPN with IPSec.In the IPSec section, select Configure.(Fireware v12.3 or higher) Select VPN > Mobile VPN.It is very important to configure the settings on your Firebox to match the settings required by the VPN client on the macOS or iOS device. Many of the VPN tunnel configuration settings in the VPN client on the macOS or iOS device are not configurable by the user. Mobile VPN with IPSec only supports aggressive mode.
Phase 1 Encryption - DES, 3DES, AES128, AES256įor devices with versions of iOS lower than 9.3, these Phase 1 and 2 settings are supported.ĭiffie-Hellman Group 5 is not supported on Apple devices for aggressive mode.If Diffie-Hellman Group 2 is selected in the Phase 1 settings: Phase 2 Encryption - 3DES, AES128, AES256.
If Diffie-Hellman Group 14 is selected in the Phase 1 settings: Supported Phase 1 and 2 Settingsįor devices with iOS 9.3 and higher or macOS 10.11.4 and higher, these combinations of Phase 1 and 2 settings are supported. The VPN client on the macOS or iOS device does not support split tunneling. You must configure Mobile VPN with IPSec for default-route VPN (0.0.0.0/0).
#Smoothwall mac os vpn client install#
For more information, see Install the IPSec Mobile VPN Client Software. To use the native IPSec VPN client to make a connection to your Firebox, you must configure the VPN settings on your Firebox to match those on the iOS or macOS device.įor IPSec VPN connections from a macOS device, you can also use the WatchGuard IPSec VPN Client for macOS. You can use this client to make an IPSec VPN connection to a Firebox. Use the macOS or iOS Native IPSec VPN ClientĪpple iOS devices (iPhone, iPad, and iPod Touch) and macOS 10.6 and higher devices include a native Cisco IPSec VPN client.
0 kommentar(er)
