Related Topics
Configure Windows Devices for Mobile VPN with IKEv2
You can configure the native IKEv2 VPN client on Windows devices for a VPN connection to your Firebox. To add the VPN connection on your device, you can use the WatchGuard automatic configuration script or manually configure settings on the device.
To install the CA certificate, you must have Administrator permissions on your Windows device. The WatchGuard configuration script automatically requests Administrator permissions to install the required CA certificate for the new IKEv2 VPN connection.
Mobile VPN with IKEv2 is supported on Fireboxes with Fireware v12.1 and higher.
WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.
Automatically Configure VPN Settings
To configure a VPN connection with the WatchGuard automatic configuration script, you must download a compressed .TGZ file from your Firebox. This file contains instructions and configuration scripts for different operating systems. For information about how to download this file, see Configure Client Devices for Mobile VPN with IKEv2.
The automatic configuration script creates a new IKEv2 VPN connection. It also installs the required CA certificate for the VPN connection.
For computers with Windows 7, you must manually configure the VPN connection. The automatic configuration script is not supported.
- From the .TGZ file you downloaded from the Firebox, find the Windows_8.1_10 folder. This folder contains an automatic configuration file and the required CA certificate.
- Copy the folder to your Windows device.
- To start the configuration process, double-click the WG IKEv2.bat file.
Two PowerShell windows appear. - In both PowerShell windows, press any key to continue. The setup process completes.
- To find the new VPN connection, select Settings > Network & Internet > VPN.
- To start a VPN connection to the Firebox, right-click the new VPN connection you added and click Connect.
Manually Configure VPN Settings
- From the .TGZ file you downloaded from the Firebox, find the Windows_8.1_10 folder .This folder contains the required CA certificate.
- Send the rootca.crt file to your Windows 10 device.
- To install the certificate, select the rootca.crt file.
- Click Install Certificate.
- Select the Local Machine store location and click Next.
- Select Place all certificates in the following store.
- Select Trusted Root Certificate Authorities and then click Next.
- Click Finish to complete the certificate installation process.
- Select Settings > Network & Internet > VPN.
- Click Add a VPN connection.
- Specify these settings:
- VPN provider — Windows (built-in)
- Connection name — Select a connection name (for example, WG IKEv2 VPN)
- Server name or address— Host name or IP address of the server
- VPN Type— IKEv2
- Type of sign-in info— User name and password
- User name (optional)— Your Firebox user name
- Password (optional)— Your Firebox password
- Click Save.
- To start a VPN connection to the Firebox, right-click the new VPN connection you added and click Connect.
See Also
Configure Client Devices for Mobile VPN with IKEv2