Security settings for VPN connections add an extra layer of protection to the connections that remote user computers establish with the corporate network through VPN.
A computer that wants to connect to the network through VPN must meet a number of conditions before the Firebox allows access. If the computer does not meet them, access is denied.
The agent installed on the computer gathers and sends the information that the Firebox needs to perform these checks.
For more information about the Firebox and its VPN connection settings, see https://www.watchguard.com/help/docs/help-center/es-xl/Content/en-US/Fireware/services/tdr/tdr_host_sensor_enforcement.html
Before you can use security protection for VPN connections with the Firebox, the computer must meet the following requirements:
- Protection installed and active.
- A valid account ID and authentication key.
- Operating system: Windows 8.1 or later, or macOS High Sierra 10.13 or later.
- Ports: for security protection for VPN connections to work properly, the agent installed on the computer requires port 33000 for its communication with the Firebox.
- Advanced Protection activated and running in hardening or lock mode.
- Alternatively, antivirus protection activated and running is also considered valid.
Secure VPN connections are not supported on Linux or macOS operating systems. When you enable this feature, computers running those operating systems, or a Windows version earlier than 8.1, cannot connect to the VPN.
TDR host sensor enforcement must be enabled on the Firebox, and the host sensor enforcement unique identifier (UUID) and authentication key must be recorded in its configuration. When the computer then tries to connect to the corporate network through VPN, the Firebox performs the following checks:
- Requests the status of the protection installed on the computer.
- Checks that the account UUID and authentication key are valid. Both are available in the configuration of the Firebox used to connect to the VPN.
- Confirms that the computer's operating system is valid by comparing it with the configured ones.
- Confirms that endpoint protection is installed and running, with Advanced Protection in hardening or lock mode or with Antivirus enabled.
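The decision rules above, as a worked model written for this page (it is not WatchGuard's code and does not talk to a Firebox). It turns the checks into one pure function over a constructed host status report so you can see exactly which field causes a denial; the report field names, the protection mode names ("hardening", "lock", "audit", "off"), the placeholder UUID and key, and the minimum-version table are assumptions for illustration. The version table stands in for "the ones configured" on the Firebox, so an OS family with no entry is denied.

```python
"""Worked model of the Secure VPN admission checks.

Added example, not WatchGuard's code.  It encodes the checks the page lists
(credentials, operating system, protection state) as a pure function over a
constructed host status report.  Field names, mode names, the placeholder
credentials and the version table are assumptions made for illustration.
"""
import hmac
from dataclasses import dataclass

# Credentials as entered on the Firebox side (constructed placeholder values).
FIREBOX_ACCOUNT_UUID = "11111111-2222-3333-4444-555555555555"
FIREBOX_AUTH_KEY = "example-authentication-key"

# Minimum supported marketing version per OS family, following the
# requirements list above.  A family with no entry (e.g. Linux) is denied.
MIN_OS_VERSION = {"windows": (8, 1), "macos": (10, 13)}


@dataclass
class HostReport:
    """What the endpoint agent would report (assumed field names)."""
    account_uuid: str
    auth_key: str
    os_family: str                 # "windows", "macos", "linux"
    os_version: str                # marketing version: "8.1", "10", "10.13.6"
    agent_running: bool
    advanced_protection_mode: str  # "hardening", "lock", "audit" or "off"
    antivirus_enabled: bool


def parse_version(text):
    """'10.13.6' -> (10, 13, 6).  Tuple ordering makes (10,) > (8, 1), so a
    string or float comparison ('10' < '8.1') cannot creep in."""
    return tuple(int(part) for part in text.split("."))


def evaluate(report, account_uuid=FIREBOX_ACCOUNT_UUID,
             auth_key=FIREBOX_AUTH_KEY, min_os=MIN_OS_VERSION):
    """Return (allowed, reasons); reasons lists every failed check so an
    administrator sees all problems at once, not just the first one."""
    reasons = []

    # Without a running agent there is no status report to verify: stop here.
    if not report.agent_running:
        return False, ["endpoint agent not running: no status report"]

    # Constant-time comparison: these are shared secrets, not plain labels.
    uuid_ok = hmac.compare_digest(report.account_uuid.encode(), account_uuid.encode())
    key_ok = hmac.compare_digest(report.auth_key.encode(), auth_key.encode())
    if not (uuid_ok and key_ok):
        reasons.append("account UUID or authentication key does not match the Firebox configuration")

    # OS family must be in the configured table and at least the minimum version.
    minimum = min_os.get(report.os_family.lower())
    if minimum is None:
        reasons.append(f"operating system '{report.os_family}' is not supported")
    else:
        try:
            if parse_version(report.os_version) < minimum:
                reasons.append(f"{report.os_family} {report.os_version} is below the minimum "
                               + ".".join(map(str, minimum)))
        except ValueError:
            reasons.append(f"unparseable OS version '{report.os_version}'")

    # Protection: Advanced Protection in hardening or lock mode, OR antivirus enabled.
    # Audit mode only reports and is therefore not accepted.
    if report.advanced_protection_mode not in ("hardening", "lock") and not report.antivirus_enabled:
        reasons.append("no active protection: Advanced Protection must be in hardening or "
                       "lock mode, or Antivirus must be enabled")

    return not reasons, reasons


def sample_reports():
    """Constructed reports covering the pass path and each denial path."""
    base = dict(account_uuid=FIREBOX_ACCOUNT_UUID, auth_key=FIREBOX_AUTH_KEY,
                agent_running=True, advanced_protection_mode="hardening",
                antivirus_enabled=False)
    return {
        "win10_hardening": HostReport(os_family="windows", os_version="10", **base),
        "win8_too_old": HostReport(os_family="windows", os_version="8", **base),
        "linux": HostReport(os_family="linux", os_version="5.15", **base),
        "macos_av_only": HostReport(**{**base, "advanced_protection_mode": "off",
                                       "antivirus_enabled": True},
                                    os_family="macos", os_version="10.13.6"),
        "audit_no_av": HostReport(**{**base, "advanced_protection_mode": "audit"},
                                  os_family="windows", os_version="11"),
        "bad_key": HostReport(**{**base, "auth_key": "wrong"},
                              os_family="windows", os_version="10"),
    }


if __name__ == "__main__":
    for name, report in sample_reports().items():
        allowed, reasons = evaluate(report)
        print(f"{name:16} {'ALLOW' if allowed else 'DENY '} {'; '.join(reasons)}")
```

Running the block prints one line per constructed report; only the Windows 10 hardening and macOS antivirus-only reports are allowed. Port 33000 reachability is a separate prerequisite that this model does not test: if the agent cannot reach the Firebox, no report arrives and the connection is treated like the "agent not running" case.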
By default, security compliance enforcement is turned on for computers that connect to the VPN through the Firebox.
Access to security settings for VPN connections
To turn on security for VPN connections, follow these steps:
- Click Network Services in the side menu.
- In the top tab menu, click VPN Security.
- Turn on the slider to enable protection.
- Enter the account UUID and the authentication key.
- Click the Save Changes button.
Until Fireware v12.9 is released, you configure Secure VPN for the Firebox with the TDR host sensor enforcement settings in Fireware Web UI or Policy Manager.
For information on how to configure host sensor enforcement on the Firebox, see Configure TDR Host Sensor Enforcement in Help Center.