You want to set up a PPTP VPN on the WatchGuard Firebox XTM firewall. This will allow mobile users to connect with the VPN client built into Windows.
Ignoring our previous comments on the security of PPTP, you can create a PPTP VPN as follows:
- Log on to the Firebox as an admin user
- In the left-hand navigation, expand VPN and click on “Mobile VPN with PPTP”. There aren’t many options here; just check the “Activate Mobile VPN with PPTP” box and specify an address pool for the remote clients. The Firebox has a limit of 50 simultaneous connections over PPTP, so a full Class C subnet isn’t needed. If you’ve already got an SSL VPN configured and don’t need a full Class C for it either, you can split that subnet up so that you don’t have to use different subnets for different VPNs. Click Save once you’re done to make sure that the Firebox
- Click on Authentication > Servers in the left-hand navigation and edit any users who need to connect, adding them to the new PPTP-Users group; as before, I’m assuming you’re just using the local user database on the Firebox and not RADIUS, AD, etc. Remember to click the Save button on the “Authentication Servers” page after changing the users or the changes won’t stick.
- Click on Firewall > Firewall Policies in the left-hand navigation, then add a new policy (green plus sign at the top right). Under “Select a policy type”, expand “Packet Filters”, then click “Any”. This will rename the new policy, so go back and rename it “Allow PPTP VPN”, then click the “Add policy” button at the bottom of the page.
- On the next page, change the “To” list to be “Any-Trusted” (click Add, listed under the “Alias” type) and the “From” list to be the “PPTP Users” group (click Add, change type to “PPTP Group” and