A mobile VPN can be used when a remote client is trying to access the private internal network of a company.
How to create:
To start setting up the VPN go into fireware policy manager, VPN, mobile VPN and then select IKEv2.
This will then bring up a setup wizard, press next.
You will need to input the public IP of the firewall for client connections and then hit add followed by next.
The firebox-DB authentication server will be there by default, but you can also set up radius to be an authentication method by selecting configure on the right side. Select the authentication server you want to use and then hit next.
A user will need to be created which will allow clients to connect using the VPN. On the right side select new and then Firebox-DB User/Group.
To add a user or group select add, for users they will need a name and password whereas the group will just need a name, then click ok.
When this has been done you will see the user has been created. Ticking the user will associate this with the IKEv2 user's group that is enabled by default, then press next.
A virtual IP address will be assigned to the client devices so they are capable of using the VPN. To create the virtual IP pool select add and then type in the host IP address you want the device to use. It is also capable of doing network addresses and not just host addresses, just hit the drop down on choose type and select network.
After pressing next on the virtual IP address stage, the setup will be completed. Then you select finish. After selecting finish, save the configuration onto the firewall.
To verify the user has been associated with the group, go to setup, authentication and then authentication servers.
Select the user group you want to check and then select edit. You should see that the user is a member of that group. If you have created a new group and the user doesn't appear in the member's section just select the user in the available box, hit the top arrow placed in the middle of the two boxes, then hit ok.
The client device will also need some configuration to enable the connection over VPN. Watchguard have created a script that will allow client to run the VPN. To get this script go into fireware policy manager, VPN, mobile VPN then get started.
Under IKEv2 select client profile, which will bring up client instructions. You press download to get the file.
When the file has been downloaded, extract the tar file then copy the folder over to your desktop. Double click on the batch file (.bat), this will be in the operating system folder (Windows, MAC or IOS). This will bring up a terminal prompt saying it's been installed. When this appears hit any key on the prompt.
This will then set up the VPN on the client, to verify this go into network and internet setting at the bottom right. You should see your VPN as an option to connect to.