Configuring WatchGuard VPN
Configuring incoming services to allow VPN
Because users on the remote Firebox are technically outside the trusted network, you must configure services to allow traffic through the VPN connection. WatchGuard recommends the following method:
1. Create a host alias corresponding to the VPN remote networks.
For more information, see “Adding a host alias” on page 86.
2. Add the VPN host alias to the Incoming From and Outgoing To properties of allowed services.
For more information, see “Defining service properties” on page 49.
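An alternative method is to add the Any service with the following incoming properties. Because the Any service matches all traffic, this allows every protocol from the VPN remote networks rather than only the services you select:
• Enabled and allowed
• From: VPN host alias
• To: Any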
Verifying successful WatchGuard VPN configuration
To determine whether a configuration has been successful:
• Watch for log entries as the Firebox reboots that show local and remote VPN IP addresses.
• Check the Firebox status once it has booted. There should be an entry for a VPN interface directly following the entry for eth2.
• Check the Control Center display for tunnel status.
If none of these indicators is present, review all settings on both Fireboxes, double-check that the passphrases are the same, and verify the remote IP addresses.