Add Users to a Firebox Mobile VPN Group
To open a Mobile VPN tunnel with the Firebox, remote users type their user name and password. The Firebox uses this information to authenticate the user. To authenticate, users must be part of a Mobile VPN with IPSec group.
For information about how to create a Mobile VPN with IPSec group, go to Configure the Firebox for Mobile VPN with IPSec.
For more information on Firebox groups, go to Types of Firebox Authentication.
To add users to a group if you use a third-party authentication server, use the instructions provided in your vendor documentation.
Network Access Enforcement
To limit mobile VPN connections to devices that follow corporate policy, you can use network access enforcement. Before you enable network access enforcement for Mobile VPN groups, enable and configure network access enforcement at Subscription Services > Network Access Enforcement (Fireware v12.9 or higher).
For Mobile VPN with IPSec, to enable network access enforcement for a mobile VPN group, you must edit the group settings in the Authentication > Users and Groups configuration. Network access enforcement settings do not appear in the Mobile VPN with IPSec configuration. For information about how to enable network access enforcement for IPSec groups, go to Add Users to a Firebox Mobile VPN Group.
For all other mobile VPN methods, you can enable network access enforcement for a group in either of these locations:
- Mobile VPN configuration
- Authentication > Users and Groups configuration
For more information about network access enforcement, go to Network Access Enforcement Overview.
Add Users to a Group for Firebox (Firebox-DB) Authentication
- Select Authentication > Servers.
The Authentication Servers page opens.
- Click Firebox-DB.
- To add a new user, in the Firebox Users section, click Add.
The Firebox User dialog box opens.
- Type a Name.
- (Optional) Type a Description for this user.
- Type a Passphrase for the user. The passphrase must be at least 8 characters long. Type the passphrase again to confirm it.
We recommend that you do not change the values for Session Timeout and Idle Timeout.
- (Optional) Specify settings for login limits.
- Click OK.
The new user is added to the Firebox Users list.
- In the Firebox Groups section, select a group name and click Edit.
The Firebox Group dialog box opens.
- (Optional) To apply enforcement settings to the group, select Enable Network Access Enforcement.
- In the Firebox Authentication Users section, select the check box for one or more users.
- Click OK.
- Click Save.
- Select Setup > Authentication > Authentication Servers.
The Authentication Servers dialog box opens.
- Select the Firebox-DB tab.
- To add a new user, in the Users section, click Add.
The Setup Firebox User dialog box opens.
- Type a user name and passphrase for the new user. The passphrase must be at least 8 characters long. Type the passphrase again to confirm it.
We recommend that you do not change the values for Session Timeout and Idle Timeout.
- (Optional) Type a description.
- In the Firebox Authentication Groups section, select the group name in the Available list and click to make the new user a member of the group you created in the wizard.
- (Optional) To enable network access enforcement for the group:
  - In the User Groups section, select the group.
  - Click Edit.
  - Select Enable Network Access Enforcement.
  - Click OK.
  For more information, go to Network Access Enforcement Overview.
- Click OK.
The new user appears in the Users list in the Authentication Servers dialog box. The dialog box stays open for you to add more users if you choose.
- To close the Authentication Servers dialog box, click OK.
For information about other user authentication settings, go to Define a New User for Firebox Authentication.