Watchguard Firebox X15 User Manual page 272

Firebox X Edge e-Series version 10: all Firebox X Edge e-Series standard and wireless models

Branch Office Virtual Private Networks
If your Edge is behind a device that does NAT
The Firebox X Edge e-Series can use NAT Traversal. This means that you can make VPN tunnels if your ISP does
NAT (Network Address Translation) or if the external interface of your Edge is connected to a device that does
NAT. We recommend that the Firebox X Edge external interface have a public IP address. If that is not possible,
use this section for more information.
Devices that do NAT frequently have some basic firewall features built into them. To make a VPN tunnel to
your Firebox X Edge e-Series when the Edge is behind a device that does NAT, the NAT device must let the
traffic through. These ports and protocols must be open on the NAT device:
UDP port 500 (IKE)
UDP port 4500 (NAT Traversal)
IP protocol 50 (ESP)
Speak with the NAT device's manufacturer for information on opening these ports and protocols on the NAT
device.
If your Firebox X Edge e-Series external interface has a private IP address, you cannot use an IP address as the
local ID type in the Phase 1 settings. Private IP addresses are not routed across the Internet, so the other
device cannot find the private external IP address of your Edge.
If the NAT device to which the Firebox X Edge is connected has a dynamic public IP address:
o First, set the device to Bridge Mode. In Bridge Mode, the Edge gets the public IP address on its
external interface. Refer to the manufacturer of your NAT device for more information.
o Set up Dynamic DNS on the Firebox X Edge. For information, see About the Dynamic DNS
service. In the Phase 1 settings of the Manual VPN, set the local ID type to Domain Name. Enter
the DynDNS domain name as the Local ID. The remote device must identify your Edge by
domain name, and it must use your Edge's DynDNS domain name in its Phase 1 setup.
If the NAT device to which the Firebox X Edge is connected has a static public IP address:
o In the Phase 1 settings of the Manual VPN, set the local ID type drop-down list to Domain
Name. Enter the public IP address assigned to the NAT device's external interface as the local
ID. The remote device must identify your Firebox X Edge by domain name, and it must use the
same public IP address as the domain name in its Phase 1 setup.
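
The checks in this section can be run against a planned setup before you build the tunnel. This Python sketch is an added example, not WatchGuard code; the function names, the "ip"/"domain" labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NOT_INTERNET_ROUTABLE = [ipaddress.ip_network(n) for n in
                         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# What the NAT device must pass to the Edge, per the list in this section.
REQUIRED = {("udp", 500): "UDP port 500 (IKE)",
            ("udp", 4500): "UDP port 4500 (NAT Traversal)",
            ("esp", None): "IP protocol 50 (ESP)"}


def is_private(value):
    """True if value parses as an IPv4 address in a non-routable range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal, e.g. a DynDNS host name
    return any(addr in net for net in NOT_INTERNET_ROUTABLE)


def audit(external_ip, local_id_type, local_id, nat_allowed):
    """Return a list of findings; an empty list means the checks passed.

    nat_allowed: set of (protocol, port) pairs the NAT device lets through.
    local_id_type: "ip" or "domain" (hypothetical labels for the Phase 1 setting).
    """
    findings = []
    for rule, label in REQUIRED.items():
        if rule not in nat_allowed:
            findings.append(f"NAT device does not pass {label}")
    if is_private(external_ip) and local_id_type == "ip":
        findings.append("external interface is private: local ID type cannot be IP address")
    if is_private(local_id):
        findings.append(f"local ID {local_id} is a private address the remote device cannot reach")
    return findings


# Constructed sample: Edge at 192.168.1.2 behind a NAT device that forwards only IKE.
SAMPLE = audit("192.168.1.2", "ip", "192.168.1.2", {("udp", 500)})
# Constructed sample: the static-public-IP case, using the NAT device's address as the local ID.
FIXED = audit("192.168.1.2", "domain", "203.0.113.10",
              {("udp", 500), ("udp", 4500), ("esp", None)})

if __name__ == "__main__":
    for line in SAMPLE:
        print("FAIL:", line)
    print("fixed config findings:", FIXED)
```
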
