Watchguard Firebox FireboxTM System 4.6 User Manual page 142

Watchguard firebox system user guide

Configuring WatchGuard VPN
Configuring incoming services to allow VPN
Because users on the remote Firebox are technically outside the trusted network, you
must configure services to allow traffic through the VPN connection. WatchGuard
recommends the following method:
1. Create a host alias corresponding to the VPN remote networks.
   For more information, see "Adding a host alias" on page 86.
2. Add the VPN host alias to the Incoming From and Outgoing To properties of
   allowed services.
   For more information, see "Defining service properties" on page 49.
An alternative method is to add the Any service with the following incoming
properties:
• Enabled and allowed
• From: VPN host alias
• To: Any
Verifying successful WatchGuard VPN configuration
To determine whether a configuration has been successful:
• Watch for log entries as the Firebox reboots that show local and remote VPN IP
addresses.
• Check the Firebox status once it has booted. There should be an entry for a VPN
interface directly following the entry for eth2.
• Check the Control Center display for tunnel status.
If none of these indicators is present, review all settings on both Fireboxes, double-
check that the passphrases are the same, and verify the remote IP addresses.