To upgrade the Mobile VPN with SSL Windows client, you must have administrator privileges. In Fireware v12.5.4 or higher, the minimum accepted TLS version is TLS 1.2, which means SSL VPN clients must use TLS 1.2 or higher to connect to the Firebox. The Firebox and SSL VPN clients negotiate which TLS version to use for tunnel security. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page. For information about changes to the WatchGuard Mobile VPN with SSL client, see the Enhancements and Resolved Issues section in the Release Notes. Client Computer Requirementsįor information about which operating systems are compatible with Mobile VPN with SSL, see the Operating System Compatibility list in the Fireware Release Notes.
If you are unable to connect to the Firebox, or cannot download the installer from the Firebox, you can Manually Distribute and Install the Mobile VPN with SSL Client Software and Configuration File. The WatchGuard Mobile VPN with SSL client v11.10.4 or higher is a 64-bit application. You can use this icon to control the client software. The Mobile VPN with SSL client adds an icon to the system tray on the Windows operating system, or an icon in the menu bar on macOS. The Mobile VPN with SSL software enables users to connect, disconnect, gather more information about the connection, and to exit or quit the client. Note that the IP specified under the Client Address Range of FortiGate is assigned to the PC.Download, Install, and Connect the Mobile VPN with SSL Client Note: “Server name or address”, is the IP address of FortiGate WAN Interface.Ĭlick on connect under the newly created VPN, and it should connect and access the network behind FortiGate if everything is configured correctly. On Windows, click on Start > Settings > Network & Internet > VPN > Add a VPN connection.įill in the “Add a VPN connection” tab using below screenshot as guide. Your deployment will NOT work if you choose a proposal not supported by Windows 10 (or other windows) L2TP/IPSec. Note: The proposal used at phase1 (and phase 2) by FortiGate wizard, should be supported by Windows. Review your newly created VPN and once okay, click “Create”. Note: Don’t change the “Subnet Mask” leave it as default. > On “ Policy & Routing” tab > Local Interface (LAN) > Local Address (choose FW address) > Client Add range (Fill in your desired IP range) > Leave "subnet Mask" as default, and click "Next" > On Authentication tab > select “ Pre-shared Key” (provide key) > select " User Group" (earlier created) and click " Next" > Go to CUI Interface, VPN > IPsec Wizard > VPN Setup > Remote Access > Native > Windows Native (fill in required information) and click " Next"
Go to, User & Device > User Groups > Create New (then create new user group and add user acct. you just created).
When deploying L2TP/IPSec VPN between Windows 10 PC and FortiGate, it’s possible to run into issues (where the tunnel failed to come up), if not using “VPN Proposals” supported by Windows 10. This article describes how to configure FortiGate so Microsoft’s L2TP/IPSec VPN client configured on Windows 10 PC will have access to the network(s) behind FortiGate in a secure manner.