Configuring a gateway – WatchGuard Technologies FireboxTM System 4.6 User Manual

User Guide

125

Branch office VPN with IPSec

and how WatchGuard implements branch office VPN with IPSec, see the Network
Security Handbook.

From Policy Manager:

• Select Network => Branch Office VPN => IPSec.

Configuring a gateway

A gateway specifies endpoints for one or more tunnels. The standard specified for a
gateway, such as isakmp automated key negotiation, becomes the standard for
tunnels created with the gateway.

Adding a gateway

From the IPSec Configuration dialog box:

1

Click Gateways.

2

To add a gateway, click Add.

3

Enter the gateway name.

This name identifies a gateway only within Policy Manager.

4

Use the Key Negotiation Type drop list to select either isakmp (dynamic) or
Manual.

For more information, see “Configuring a tunnel with dynamic security” on page 127 and

“Configuring a tunnel with manual security” on page 126.

5

In the Remote Gateway IP field, enter the IP address of the Firebox (or other
IPSec-compliant host) at the other end of the gateway.

6

Enter the shared key.

The Shared Key field is available only for ISAKMP-negotiated gateways. The same key must be

entered at the remote gateway.

7

Click OK.

The Configure Gateways dialog box appears listing the newly configured gateway. Repeat the

Add Gateway procedure to add additional gateways.

8

When you finish adding gateways, click OK to return to the IPSec Configuration
dialog box.

Editing a gateway

From the Configure Gateways dialog box:

1

Click the gateway. Click Edit.

The IPSec Gateway dialog box appears.

2

Make changes according to your security policy preferences.

3

Click OK.

• Determine the tunnel and policy endpoints
• Select an encryption method
• Select an authentication method