Configure Ssl Vpn For Mac
SSL VPN Network Access Control (NAC) limits access to the web portals of the SSL VPN service according to a variety of factors based on attributes of the connecting device. Users who fail the NAC check are not allowed to log in until they have a conforming system. You can define exceptions for each category. Use exceptions to allow/block specific versions denied in the NAC block list. For example, to allow only Windows 7 to connect: Block all Windows operating systems in the NAC block list and then add an exception for Windows 7.
NAC settings do not apply to clients connecting via CudaLaunch. The following parameters are evaluated by the SSL VPN service when the user logs in:. Desktop operating systems. Mobile operating systems. Desktop Browser types and versions. Browser Plugins. Mobile Browser types and versions In this article Step 1.
Configure NAC Block List. Go to CONFIGURATION Configuration Tree Box Virtual Servers your virtual server Assigned Services VPN SSL VPN. Click Lock. In the left menu, click NAC.
Set Enable NAC to Yes. For each parameter, select the versions that should be blocked. Select none to not block according to this criteria. If the version number is not in the dropdown, select Other and type in the version number. Click Send Changes and Activate.
(optional) Configure NAC Exceptions To exempt some configurations from the restrictions defined above, define NAC Exceptions to block or deny an entire category. Exceptions will override the criteria configured in Step 1.
For example, to allow only Windows 7 to connect: Block all Windows operating systems in the NAC block list and then add an exception for Windows 7. Go to CONFIGURATION Configuration Tree Box Virtual Servers your virtual server Assigned Services VPN SSL VPN. Click Lock. In the left menu, click NAC. Click + for each NAC Exception. The Enter Name window opens. Enter a name.
The NAC Exceptions window opens. Select the Access policy. Select the Exception Type. The subtype for the selected Type is displayed.
E.g., Mobile Browser type if you selected Mobile Browser as the Exception Type. Select the subtype and Version for the Exception type you previously selected. Select Other to enter a version number that is not listed. Click Send Changes and Activate. All users accessing the SSL VPN mobile and desktop portal must now conform to the requirements set in the NAC block list.
When a user logs in with a device that fails one or more of the server-side NAC checks, the following block pages are displayed: Check the sslvpn log file to find out which NAC block rule caused the user to be rejected. Download vpn for mac.
Contents ● Fireware Help Install and Connect the Mobile VPN with SSL Client The Mobile VPN with SSL software enables users to connect, disconnect, gather more information about the connection, and to exit or quit the client. The Mobile VPN with SSL client adds an icon to the system tray on the Windows operating system, or an icon in the menu bar on macOS. You can use this icon to. To use Mobile VPN with SSL, you must:. If you are unable to connect to the Firebox, or cannot download the installer from the Firebox, you can. Client Computer Requirements For information about which operating systems are compatible with your Mobile VPN with SSL Client, see the Operating System Compatibility list in the Fireware Release Notes. You can find the Release Notes for your version of Fireware OS on the page of the WatchGuard website.
To install the Mobile VPN with SSL client on macOS, you must have administrator privileges. To use the Mobile VPN with SSL client to connect, the client computer must support TLS 1.1 or higher. Windows 7 does not enable this by default. To enable TLS 1.1 and TLS 1.2 in Windows 7:.
Open the Windows Control Panel. Select Internet Options Advanced.
Select the Use TLS 1.1 and Use TLS 1.2 check boxes. Mac OS X 10.6, 10.7, 10.8, Windows XP and Windows Vista do not support TLS 1.1. Mobile VPN with SSL connections are not supported from these operating systems. Download the Client Software To download the client software, you authenticate to the Firebox with an HTTPS connection over port 443 unless you configured a custom port number.
Connect to one of these addresses with a web browser: Over port 443 Over a custom port number The authentication web page appears. Type your Username and Password. If Mobile VPN with SSL is configured to use more than one authentication method, select the authentication server from the Domain drop-down list. For a WatchGuard device that uses Fireware XTM v11.8.x or lower, the Domain drop-down list does not appear. If your user account is from an authentication server other than the server specified as the default authentication server, when you type the user name in the Username text box, you must also specify the authentication server.
For example:. If RADIUS is the authentication server — radius jsmith. If the Active Directory server ad1example.com is the authentication server — ad1example.com jsmith. If Firebox-DB is the authentication server — Firebox-DB jsmith The Mobile VPN with SSL download page appears.
Click the Download button for the correct installer for your operating system: Windows (WG-MVPN-SSL.exe) or macOS (WG-MVPN-SSL.dmg). Save the file to your computer. From this page, you can also download the Mobile VPN with SSL client profile for connections from any SSL VPN client that supports.OVPN configuration files. For more information about the Mobile VPN with SSL client profile, see.
Install the Client Software Microsoft Windows. Double-click WG-MVPN-SSL.exe. The Mobile VPN with SSL client Setup Wizard starts. Accept the default settings on each screen of the wizard. (Optional) To add a desktop icon or a Quick Launch icon, select the check box in the wizard that matches the option. Finish and exit the wizard.
MacOS. Make sure that the System Preferences Security and Privacy settings on your Mac allow apps downloaded from Mac App Store and identified developers. This is the default setting. Double-click WG-MVPN-SSL.dmg. A volume named WatchGuard Mobile VPN is created on your desktop. In the WatchGuard Mobile VPN volume, double-click WatchGuard Mobile VPN with SSL Installer.mpkg. The client installer starts.
Accept the default settings on each screen of the installer. Finish and exit the installer.
After you download and install the client software, the Mobile VPN client software automatically connects to the Firebox. Each time you connect to the Firebox, the client software verifies whether any configuration updates are available. Connect to Your Private Network Microsoft Windows To start the Mobile VPN with SSL client:. From the Start Menu, select All Programs WatchGuard Mobile VPN with SSL client Mobile VPN with SSL client.
Double-click the Mobile VPN with SSL shortcut on your desktop. Click the Mobile VPN with SSL icon in the Quick Launch toolbar. MacOS To start the Mobile VPN with SSL client on macOS:. Open a Finder window. Select Applications WatchGuard. Double-click the WatchGuard Mobile VPN with SSL application.
Ssl Vpn Mac Os
Complete the Client Connection After you have started the Mobile VPN with SSL Client, to start the VPN connection, you must specify the authentication server and user account credentials. The Server is the IP address of the primary external interface of a Firebox. If Mobile VPN with SSL on the Firebox is configured to use a port other than the default port 443, in the Server text box, you must type the primary external interface followed by a colon and the port number. For example, if Mobile VPN with SSL is configured to use port 444, and the primary external IP address is 203.0.113.2, the Server is 203.0.113.2:444. The User name can include the authentication server and user name of the user account. If Mobile VPN with SSL on the Firebox is configured to use multiple authentication methods, user accounts from an authentication server other than the server specified as the default authentication server must specify the authentication server or domain as part of the user name.
The user name must be in one of these formats: Use the default authentication server In the User name text box, type the user name. Example: jsmith Use another authentication server In the User name text box, type. Examples:. If RADIUS is the authentication server — radius jsmith.
If the Active Directory server ad1example.com is the authentication server — ad1example.com jsmith. If Firebox-DB is the authentication server — Firebox-DB jsmith SSL client users must specify their user account credentials. Mobile VPN with SSL does not support Single Sign-On (SSO). If the connection between the SSL client and the Firebox is temporarily lost, the SSL client tries to establish the connection again. To connect to your private network from the Mobile VPN with SSL client:.
In the Server text box, type or select the address of the Firebox to connect to. The IP address of the server you most recently connected to is selected by default. In the User name text box, type the user name. If Mobile VPN with SSL on the Firebox is configured to use multiple authentication methods, you can specify the authentication server or domain name with the user name. For example, radius jsmith.
In the Password text box, type the password for your user account. The client can remember the password, if the administrator configures the authentication settings to allow it. Click Connect. Other Connection Options Two other connection options are available in the client only if the administrator has enabled them on the device you connect to. Automatically reconnect Select the Automatically reconnect check box if you want the Mobile VPN with SSL client to automatically reconnect when the connection is lost. Remember password Select the Remember password check box if you want the Mobile VPN with SSL client to remember the password you typed for the next time you connect. Mobile VPN with SSL Client Controls When the Mobile VPN with SSL client runs, the WatchGuard Mobile VPN with SSL icon appears in the system tray (Windows) or on the right side of the menu bar (macOS).
The type of magnifying glass icon that appears shows the VPN connection status. Windows:. — The VPN connection is not established. — The VPN connection has been established. You can securely connect to resources behind the Firebox. — The client is in the process of connecting or disconnecting. The 'W' letter in the icon pulsates.
— The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL.
MacOS:. — The VPN connection is not established. — The VPN connection has been established. You can securely connect to resources behind the Firebox. — The client is in the process of connecting or disconnecting. The 'W' letter in the icon pulsates.
— The client cannot connect to the server. Verify that the server IP address, user name, and password are correct. To troubleshoot further, check the client logs for Mobile VPN with SSL. MacOS (Dark Mode):. — The VPN connection is not established. — The VPN connection has been established.
You can securely connect to resources behind the Firebox. — The client is in the process of connecting or disconnecting. The 'W' letter in the icon pulsates. — The client cannot connect to the server. Verify that the server IP address, user name, and password are correct.
To troubleshoot further, check the client logs for Mobile VPN with SSL. To see the client controls list, right-click the Mobile VPN with SSL icon in the system tray (Windows), or click the Mobile VPN with SSL icon in the menu bar (macOS). You can select from these actions: Connect/Disconnect Start or stop the Mobile VPN with SSL connection. Status See the status of the Mobile VPN with SSL connection. View Logs Open the connection log file.
Properties Windows — Select Launch program on startup to start the client when Windows starts. Type a number for Log level to change the level of detail included in the logs. MacOS — Shows detailed information about the Mobile VPN with SSL connection. You can also set the log level. Show Time Connected (macOS only) Select to show the elapsed connection time on the macOS menu bar.
Free Vpn For Mac In China
Show Status While Connecting (macOS only) Select to show the connection status on the macOS menu bar. About The WatchGuard Mobile VPN dialog box opens with information about the client software. Exit (Windows) or Quit (macOS) Disconnect from the Firebox and shut down the client. See Also ● ● ● © 2018 WatchGuard Technologies, Inc. All rights reserved.
WatchGuard, the WatchGuard logo, and Firebox are trademarks or registered trademarks of WatchGuard Technologies, Inc. In the United States and/or other countries. All other tradenames are the property of their respective owners.