Configuring watchguard vpn – WatchGuard Technologies FireboxTM System 4.6 User Manual
Page 140

Allow VPN access to any services
To allow all traffic from VPN connections, add the Any service to the Services Arena
and configure it as described above.
Allow VPN access to selective services
To allow traffic from VPN connections only for specific services, add each service to
the Services Arena and configure each as described above.
Configuring WatchGuard VPN
Use WatchGuard VPN to implement a branch office VPN between two Fireboxes.
WatchGuard VPN uses UDP port 4104.
WatchGuard VPN configuration models
There are two models for configuring WatchGuard VPN:
Two-box configuration
Connect two networks over the Internet using two Fireboxes.
Multiple box configuration
Connect one central Firebox to multiple remote networks over the Internet.
- Add multiple VPN configurations to the central Firebox, and configure
remote Fireboxes accordingly.
- Make sure that passphrases are unique to a single VPN connection.
- On the central Firebox, use the same IP address for multiple remote
Fireboxes. However, the address cannot be used for another purpose on
either the central or remote networks.
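The multiple-box rules above (one passphrase per VPN connection, one shared central-side address that is used for nothing else on either network, remote Fireboxes configured to match) and the UDP port 4104 fact from the section introduction can be turned into a pre-deployment sanity check. The following is an added example, not WatchGuard code or any export format of Policy Manager: the `Firebox` and `VpnEntry` records, the field names and all addresses are constructed for illustration. It assumes that the two ends of one tunnel share the same passphrase, which the manual implies but does not spell out.

```python
"""Added example: sanity-check a multiple-box WatchGuard VPN layout against
the rules stated in the manual. Data model and addresses are constructed."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

WATCHGUARD_VPN_UDP_PORT = 4104  # stated in the manual


@dataclass
class VpnEntry:
    """One WatchGuard VPN entry as configured on a Firebox (hypothetical model)."""
    name: str
    remote_firebox_ip: str   # External interface address of the remote Firebox
    local_vpn_ip: str        # address this Firebox uses inside the tunnel
    passphrase: str


@dataclass
class Firebox:
    name: str
    external_ip: str
    vpn_entries: List[VpnEntry]
    other_addresses: Set[str] = field(default_factory=set)  # every non-VPN use of an address


def check_central_config(central: Firebox, remotes: List[Firebox]) -> List[str]:
    """Return a list of rule violations; an empty list means the layout is consistent."""
    problems: List[str] = []

    # Rule: a passphrase belongs to exactly one VPN connection.
    seen = {}
    for entry in central.vpn_entries:
        if entry.passphrase in seen:
            problems.append(f"passphrase reused by {seen[entry.passphrase]} and {entry.name}")
        else:
            seen[entry.passphrase] = entry.name

    # Rule: the central Firebox uses the same address for all remote Fireboxes ...
    local_ips = {entry.local_vpn_ip for entry in central.vpn_entries}
    if len(local_ips) > 1:
        problems.append(f"central Firebox uses several VPN addresses: {sorted(local_ips)}")

    # ... and that address is not used for any other purpose on either side.
    for ip in local_ips:
        for box in [central, *remotes]:
            if ip in box.other_addresses:
                problems.append(f"VPN address {ip} is also used for another purpose on {box.name}")

    # Assumption: each remote has a matching entry back to the central Firebox
    # with the same passphrase (the manual says to configure remotes "accordingly").
    by_external = {box.external_ip: box for box in remotes}
    for entry in central.vpn_entries:
        remote = by_external.get(entry.remote_firebox_ip)
        if remote is None:
            problems.append(f"no remote Firebox with external IP {entry.remote_firebox_ip} for {entry.name}")
            continue
        back = [e for e in remote.vpn_entries if e.remote_firebox_ip == central.external_ip]
        if not back:
            problems.append(f"{remote.name} has no VPN entry pointing at the central Firebox")
        elif back[0].passphrase != entry.passphrase:
            problems.append(f"passphrase mismatch between central entry {entry.name} and {remote.name}")
    return problems


def is_expected_vpn_flow(src: str, dst: str, proto: str, dport: int,
                         central: Firebox, remotes: List[Firebox]) -> bool:
    """True if a flow is WatchGuard VPN traffic between the central Firebox and a
    configured remote; anything else on UDP/4104 deserves a look."""
    peers: Set[Tuple[str, str]] = set()
    for entry in central.vpn_entries:
        peers.add((central.external_ip, entry.remote_firebox_ip))
        peers.add((entry.remote_firebox_ip, central.external_ip))
    return proto == "udp" and dport == WATCHGUARD_VPN_UDP_PORT and (src, dst) in peers


def example_layout() -> Tuple[Firebox, List[Firebox]]:
    """Constructed sample: one central Firebox and two branch offices."""
    central = Firebox("central", "203.0.113.1", [
        VpnEntry("branch-a", "198.51.100.10", "10.250.0.1", "a-unique-passphrase"),
        VpnEntry("branch-b", "198.51.100.20", "10.250.0.1", "b-unique-passphrase"),
    ], {"10.0.0.1"})
    branch_a = Firebox("branch-a", "198.51.100.10",
                       [VpnEntry("to-central", "203.0.113.1", "10.250.1.1", "a-unique-passphrase")],
                       {"10.1.0.1"})
    branch_b = Firebox("branch-b", "198.51.100.20",
                       [VpnEntry("to-central", "203.0.113.1", "10.250.2.1", "b-unique-passphrase")],
                       {"10.2.0.1"})
    return central, [branch_a, branch_b]


if __name__ == "__main__":
    central, remotes = example_layout()
    for problem in check_central_config(central, remotes) or ["layout is consistent"]:
        print(problem)
```

Run it against a layout exported from your own records before adding the entries in Policy Manager; the flow check can be applied to firewall or NetFlow records to confirm that UDP 4104 only appears between the configured Firebox external addresses.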
Setting up WatchGuard VPN
From Policy Manager:
1. Select Network => Branch Office VPN => WatchGuard VPN.
2. To set up a branch office, click Add.
3. In the Remote Firebox IP field, enter the IP address of the External interface of the
remote Firebox.
Access control is a critical part of configuring a secure VPN environment. If
machines on the branch office VPN network are compromised, an attacker
obtains a secure tunnel into the trusted network.
WatchGuard VPN offers 40-bit encryption. WatchGuard VPN with 128-bit
encryption can be used when both ends of the tunnel are licensed for enhanced
encryption. Other encryption standards are available (128-bit DES and 3-DES).