XTM IPSEC iOS mobile VPN:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/ipsec/mvpn_ipsec_ios_vpn_c.html
Activate new device:
http://www.watchguard.com/activate
Log in with your WatchGuard account user name and password.
On the Support Home tab, click Activate a Product.
Change Device name:
Enable Bridge for ETH1 and Wireless (if device is -W):
Change the Bridge interface to static IP
Add Static DNS servers
Activate Subscriptions:
1. Activate SpamBlocker Wizard:
Enter the incoming SMTP server
POP3 (not recommended)
Prevent mail relay for the example.com domain (SMTP Proxy Action -> Address -> Mail From)
2. Enable Intrusion Prevention
3. Enable Botnet Detection
4. Enable Data Loss Prevention
5. Enable APT Blocker (Gateway Antivirus should be activated first)
Enable Wireless Connections:
Open Fireware XTM Policy Manager -> Networking -> Wireless
Configure Firewall Policies:
WatchGuard and WatchGuard Web UI and FTP policies:
Create MGMT aliases and add them to the policies' FROM field
HTTP-proxy:
- Enable Application Control
- Enable IPS
- Create HTTP-Client-Proxy
- Create new WebBlocker.Policy
- Change Deny Message
- Enable APT Blocker
HTTPS-proxy:
- Enable Application Control
- Enable IPS
- Create HTTPS-Client-Proxy
- Create new WebBlocker.Policy
Add Firewall Policies:
Add HTTPS-Proxy-In (Port forwarding)
Add HTTP-Proxy-In (Port forwarding)
Add RDP-In Packet Filter (Port forwarding)
Add VPN-In Packet Filter (Port forwarding)
Add Outgoing Proxy (TCP-UDP)
- Enable Application Control
- Enable IPS
- Create TCP-UDP-Proxy-Out
Add SMTP-Out-Deny Policy (enable logging)
Add SMTP-Out-Allow Policy
- From - Mail server
- Create new SMTP-Outgoing-Proxy
- Disable APT Blocker
Delete/Disable Firewall Policies:
Outgoing Packet Filter (TCP-UDP)
Logging Setup (Setup -> Logging):
Send log messages to these WatchGuard Servers:
Select the Send log messages when the configuration for this Firebox is changed check box