WatchGuard Technologies Firebox™ System 4.6 User Manual

Allow VPN access to any services
To allow all traffic from VPN connections, add the Any service to the Services Arena 
and configure it as described above.
Allow VPN access to selective services
To allow traffic from VPN connections only for specific services, add each service to 
the Services Arena and configure each as described above.
Configuring WatchGuard VPN
Use WatchGuard VPN to implement a branch office VPN between two Fireboxes. WatchGuard VPN uses UDP port 4104.
WatchGuard VPN configuration models
There are two models for configuring WatchGuard VPN:
Two-box configuration
Connect two networks over the Internet using two Fireboxes.
Multiple box configuration
Connect one central Firebox to multiple remote networks over the Internet.
 - Add multiple VPN configurations to the central Firebox, and configure the remote Fireboxes accordingly.
 - Make sure that each passphrase is unique to a single VPN connection.
 - On the central Firebox, use the same IP address for multiple remote Fireboxes. However, that address cannot be used for any other purpose on either the central or the remote networks.
Setting up WatchGuard VPN
From Policy Manager:
1 Select Network => Branch Office VPN => WatchGuard VPN.
2 To set up a branch office, click Add.
3 In the Remote Firebox IP field, enter the IP address of the External interface of the remote Firebox.
Access control is a critical part of configuring a secure VPN environment. If machines on the branch office VPN network are compromised, attackers obtain a secure tunnel to the trusted network.
WatchGuard VPN offers 40-bit encryption. WatchGuard VPN with 128-bit encryption can be used when both ends of the tunnel are licensed for enhanced encryption. Other encryption standards are available (128-bit DES and 3-DES).