Welcome testing wizard

[teon]

Welcome screen

Welcome has two use cases:

1. Our automated component setup (edge/gw) was successful and we can initiate wizard and further configuration:

Welcome to Defguard. We have successfully configured all the necessary components (gateway and edge) using Docker for this instance. Now, we need to configure some general settings.

This guide will walk you through the process.

If you would like to understand some basic Defguard concepts, each screen includes links to documentation as well as short videos with explanations that you can watch directly during the setup process.

2. Some component setup has not succeeded, so we need to show a summary of that and the wizard cannot continue

Welcome to Defguard. Unfortunately, the automated setup for some components did not complete successfully. Below, you will find a summary with detailed error messages, as well as the option to copy or download them.

If you are a Business or Enterprise customer, please contact our support team and provide these logs.

If you are an Open Source or Free plan user, you can find support on (Github Discussions)[https://github.com/DefGuard/defguard/discussions/categories/q-a].

Error summary:

✔️ Creating Certificate Authority
✔️ Edge setup successful
⚠️ Gateway setup unsuccessful 

[ error logs component with copy/download error buttons ]

Create Admin User

Note

Same step as initial wizard

General configuration

This URL will be used to access and control Defguard. It should not be exposed to the Internet only to the internal or VPN network. You can learn more about our security approach in the video below.

• Input: Defguard internal URL

We have deployed a secure Edge component that handles various tasks, such as enabling automated user enrollment and sending automated configuration updates to desktop and mobile clients.

It requires a dedicated URL and must be publicly accessible on the Internet. You can always change this URL in General Settings.

You can find more details about Edge in the video below.

• Input: Defguard Public URL

VPN Public Settings

We have deployed a WireGuard® VPN Gateway. To make the VPN operational, a few basic parameters must be configured.

WireGuard® needs to be publicly accessible on a specific IP address and UDP port. This IP does not have to be set directly on the gateway  it can be configured on your firewall or router and forwarded to the Defguard Gateway.

Please provide your public IP address and the port WireGuard® will use so we can generate the correct configuration for desktop and mobile clients.

• INPUT: Public IP & WireGuard Port

VPN Internal Network

Deploying the VPN requires a dedicated network. Please provide the internal VPN network IP address for the Defguard Gateway.

The VPN network will be derived from this address (e.g., 10.10.10.1 → 10.10.10.0). You may specify multiple addresses separated by commas; the first will be used as the primary address for device IP assignment.

• Input: Gateway Address

If you want your local networks to be accessible from VPN, list them in addresses/masks format below:

• Input: Allowed IPs

You can configure a custom DNS server for VPN connections (e.g., your local network DNS or a preferred DNS to use while connected to the VPN).

• Input: DNS Server IP

Multi-Factor Authentication

You can enable Multi-Factor Authentication (MFA) for your VPN. Two types are available:

* **Internal** – Uses the MFA methods configured in your Defguard profile.
* **External** – Requires configuring an external identity provider in the settings, such as Google, Microsoft Entra ID, Okta, or JumpCloud. **Disabled in Open Source plan.**

Please note: If you enable MFA for your VPN location, you must configure MFA in your profile 

Select:
(x) Do not enable Multi-Factor Authentication
( ) Enable Internal Defguard Multi-Factor Authentication
DISABLED: External Identity Provider Authentication (required Business or Enterprise license)

Summary

[!NOTE]

Please remember that if the host running Defguard is not publicly accessible (i.e., it does not have the VPN public IP assigned to it), you must forward the following ports to it:

• TCP ports 80 and 443
• UDP port XXX

Thank you for choosing Defguard. We would encourage you to:

• Get familiar with our security concepts and architecture: https://docs.defguard.net/about/about-defguard
• Star us on GitHub: https://github.com/defguard/defguard
• Join a Discussion: https://github.com/DefGuard/defguard/discussions