Virtual Private Networks (VPNs) are the most effective way to keep your business communications over the Internet private and secure. WatchGuard® products are capable of delivering 3DES (168-bit) strong encryption to protect VPN connections and IPSec tunnel routing, which reduces the complexity of managing multiple VPN tunnels.

WatchGuard offers Mobile User VPN and Branch Office VPN support.

WatchGuard Mobile User VPN gives your traveling employees and telecommuters a secure connection to your corporate network. This cost-effective solution allows you to use a standard Internet connection, eliminating expensive long-distance charges. By deploying Mobile User VPNs from your centrally managed security appliance, you also save time and money by eliminating the need to maintain dedicated modem banks and remote access servers.

Two types of Mobile User VPN are available, PPTP Client and SafeNet® Client.

• PPTP Client

A standard component of Firebox® X (X500, X700, X1000, and X2500) and Firebox® III (4500, 2500, 1000, 700, and 500), this version relies on the widely accepted Point-to-Point Tunneling Protocol (PPTP).

How PPTP Works
A PPTP tunnel is established using the Dial-Up Networking dialog on a Windows workstation. Remote users are authenticated using MS-CHAP against a user/password list maintained in the Firebox configuration or on a separate Radius authentication server. MS-CHAP relies on a challenge-response mechanism that prevents the client's password from being passed across the Internet.

Once the tunnel is established, all data exchanged between the Firebox and the remote client is encrypted using RSA RC4 encryption standards. The Firebox decrypts and filters each packet according to configured rules. You also have the option to log all Remote VPN traffic to your log server.

• SafeNet Client (IPSec)

SafeNet® client software runs on any Windows® 2000/XP or Windows NT® workstation, and is available on all Firebox® X models; all Firebox® X Edge models; Firebox® SOHO 6tc and SOHO 6 wireless models; and all Firebox® III models. (Mobile User VPN is optional on SOHO 6, and is available in 5-user license increments, with an 11 user maximum). This is the most efficient way to deploy MUVPNs for your mobile workforce.

WatchGuard Branch Office VPN is a standard component of all Firebox® X models; all Firebox® X Edge models; Firebox® SOHO 6tc and SOHO 6 wireless models; and all Firebox® III models (optional on Firebox® X500, Firebox® 500, and Firebox® SOHO 6 and SOHO 6 Wireless) to give you secure communications between your offices and your trading partners.

• IPSec

WatchGuard Branch Office VPN is compliant with current IPSec standards. IPSec Branch Office VPN is available in the U.S., Canada, and to customers in countries eligible to receive strong encryption software (see encryption list [link]). IPSec Branch Office VPN capability establishes encrypted tunnels between a Firebox and any other IPSec-compliant security device-for example, devices used at branch offices, trading partners, or supplier locations-regardless of brand.

Firebox X and Firebox X Edge devices are designed to work together seamlessly through WatchGuard System Manager's VPN Manager, which deploys VPNs between Firebox devices with drag-n-drop simplicity. This saves you time and resources as you set up and manage your branch office connections with ease.