User guide

About Mobile VPN with PPTP
Firebox X Edge e-Series
Options for Internet access through a Mobile VPN with PPTP tunnel
You can enable remote users to access the Internet through a Mobile VPN tunnel. This option affects your
security because Internet traffic is not filtered or encrypted. You have two options for Mobile VPN tunnel
routes: default-route VPN and split tunnel VPN.
Default-route VPN
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to
the Firebox. From the Firebox, the traffic is then sent back out to the Internet. With this configuration (known
as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although more
processing power and bandwidth on the Firebox are used.
Split tunnel VPN
Another configuration option is to enable split tunneling. This configuration enables users to browse the
Internet without sending Internet traffic through the VPN tunnel. Split tunneling decreases security because
Firebox policies are not applied to the Internet traffic, but it does increase performance. If you use split
tunneling, client computers should have a software firewall.
Default-route VPN setup for Mobile VPN with PPTP
The default PPTP settings in Windows Vista, XP and 2000 create a default-route VPN.
Split tunnel VPN setup for Mobile VPN with PPTP
On the client computer, edit the PPTP connection properties to not send all traffic through the VPN.
1. For Windows Vista, XP or 2000, go to Control Panel > Network Connections and right-click the VPN
connection.
2. Select Properties.
The VPN properties dialog box appears.
3. Select the Networking tab.
4. Select Internet Protocol (TCP/IP) in the list box and click Properties.
The Internet Protocol (TCP/IP) Properties dialog box appears.
5. On the General tab, click Advanced.
The Advanced TCP/IP Settings dialog box appears.
6. Windows XP and Windows 2000 - On the General tab, clear the Use default
gateway on remote network check box.
Windows Vista - On the Settings tab, clear the Use default gateway on
remote network check box.
If you use the route print or ipconfig commands after you start a Mobile VPN tunnel on a computer
with Microsoft Windows installed, you see incorrect default gateway information. You will see
correct information if you look at the Details tab of the Virtual Private Connection Status dialog
box.
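
An added example, not part of the original guide: Windows saves the Use default gateway on remote network setting for each connection in the RAS phonebook file (rasphone.pbk) as IpPrioritizeRemote, where 1 is default-route and 0 is split tunnel. That key name does not come from this guide, and the phonebook text below is constructed sample data. Because route print and ipconfig are unreliable here, this Python check reads the saved setting to find connections configured for split tunneling.

```python
import configparser

# Constructed sample phonebook text; the entry names are made up.
SAMPLE_PBK = """\
[Office PPTP]
IpPrioritizeRemote=1
IpHeaderCompression=0
DEVICE=vpn
DEVICE=vpn

[Branch PPTP]
IpPrioritizeRemote=0
IpHeaderCompression=0

[Legacy Entry]
IpHeaderCompression=0
"""

# Assumption (not from the guide): 1 = box checked, 0 = box cleared.
MODES = {"1": "default-route", "0": "split-tunnel"}


def audit_phonebook(text):
    """Map each phonebook entry to default-route, split-tunnel or unknown."""
    # strict=False: a phonebook section may repeat a key, which the
    # strict parser would reject with DuplicateOptionError.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    report = {}
    for entry in parser.sections():
        raw = parser.get(entry, "IpPrioritizeRemote", fallback="").strip()
        report[entry] = MODES.get(raw, "unknown")
    return report


def split_tunnel_entries(text):
    """Entries whose Internet traffic bypasses the Firebox policies."""
    report = audit_phonebook(text)
    return sorted(e for e, mode in report.items() if mode == "split-tunnel")


if __name__ == "__main__":
    for entry, mode in audit_phonebook(SAMPLE_PBK).items():
        print(f"{entry}: {mode}")
```

Entries reported as split-tunnel are the ones that, per this guide, should have a software firewall on the client computer.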