WatchGuard Technologies SSL VPN manual Configuring Dynamic Routing, To configure dynamic routing

Models: SSL VPN


Dynamic and Static Routing

Configuring Dynamic Routing

When dynamic routing is selected, the Firebox SSL VPN Gateway operates as follows:

It listens for route information published through RIP and automatically populates its routing table.

If the Dynamic Gateway option is enabled, the Firebox SSL VPN Gateway uses the Default Gateway provided by dynamic routing, rather than the value specified on the General Networking tab.

It disables any static routes created for the Firebox SSL VPN Gateway. If you later choose to disable dynamic routing, any previously created static routes appear again in the Firebox SSL VPN Gateway routing table.

To configure dynamic routing

1. Click the VPN Gateway Cluster tab and then click the Routes tab.

2. In Select routing type, select Dynamic Routing (RIP).

Selecting this option disables the static routes area. If static routes are defined, they do not display in the routing table although they are still available if you want to switch back to static routing.

3. Click Enable Dynamic Gateway to use the default gateway provided by the routing server(s).

Selecting this check box disables use of the Default Gateway that is specified on the General Networking tab.

4. In Routing Interface, choose the Firebox SSL VPN Gateway network adapter(s) to be used for dynamic routing. Typically, your routing server(s) are inside your firewall, so you would choose the internal network adapter for this setting.

5. Click Submit.

Dynamic routes are not displayed in the Firebox SSL VPN Gateway routing table.

Enabling RIP Authentication for Dynamic Routing

To enhance security for dynamic routing, you can configure the Firebox SSL VPN Gateway to support RIP authentication.

Note

Your RIP server must transmit RIP 2 packets to use RIP authentication. RIP 1 does not support authentication.

To support RIP authentication, both the RIP server and the Firebox SSL VPN Gateway must be configured to use a specific authentication string. The RIP server can transmit this string as plain text or encrypt the string with MD5.

If the RIP server encrypts the authentication string with MD5, you must also select the MD5 option on the Firebox SSL VPN Gateway.

You can configure the Firebox SSL VPN Gateway to listen for the RIP authentication string on Interface 0, Interface 1, or both interfaces.
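To confirm which of the cases above a RIP server is actually sending (RIP 1, unauthenticated RIP 2, plain text, or MD5), the following added example, which is not part of the WatchGuard manual, classifies a captured RIP payload. The field layout and type numbers are taken from RFC 2453 and RFC 2082 rather than from this page, and the function name and sample payloads are constructed for illustration.

```python
import struct

# Authentication types in a RIP 2 authentication entry (RFC 2453, RFC 2082),
# labelled with the option names this manual uses.
AUTH_TYPES = {2: "plain text", 3: "MD5"}

def classify_rip_auth(payload: bytes) -> dict:
    """Report RIP version and authentication for one UDP port 520 payload."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte RIP header")
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    result = {"version": version, "auth": "none", "string_on_wire": None}
    if version < 2 or len(payload) < 24:
        return result  # RIP 1 has no authentication entry
    afi, auth_type = struct.unpack("!HH", payload[4:8])
    if afi != 0xFFFF:
        return result  # first entry is an ordinary route: unauthenticated RIP 2
    result["auth"] = AUTH_TYPES.get(auth_type, f"unknown type {auth_type}")
    if auth_type == 2:
        # Plain text: the 16-byte string is sent as-is, NUL padded.
        result["string_on_wire"] = payload[8:24].rstrip(b"\x00").decode("ascii", "replace")
    elif auth_type == 3:
        # MD5: only a key ID and sequence number precede the routes; the
        # digest travels in a trailer and the string itself is never sent.
        _length, key_id, _digest_len, sequence = struct.unpack("!HBBI", payload[8:16])
        result.update(key_id=key_id, sequence=sequence)
    return result

# Constructed sample payloads (not captured traffic); "example-string" is a placeholder.
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]), bytes([255, 0, 0, 0]), bytes(4), 1)
RIP1 = struct.pack("!BBH", 2, 1, 0) + ROUTE
RIP2_NO_AUTH = struct.pack("!BBH", 2, 2, 0) + ROUTE
RIP2_PLAIN = struct.pack("!BBH", 2, 2, 0) + struct.pack("!HH16s", 0xFFFF, 2, b"example-string") + ROUTE
RIP2_MD5 = (struct.pack("!BBH", 2, 2, 0)
            + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 20, 7) + ROUTE
            + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)))  # trailer, zeroed placeholder digest

if __name__ == "__main__":
    for name, pkt in [("RIP1", RIP1), ("RIP2_NO_AUTH", RIP2_NO_AUTH),
                      ("RIP2_PLAIN", RIP2_PLAIN), ("RIP2_MD5", RIP2_MD5)]:
        print(name, classify_rip_auth(pkt))
```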

To enable RIP authentication for dynamic routing

1. On the Firebox SSL VPN Gateway Cluster tab, open the window for an appliance.

2. Click the Routes tab.

3. In Routing Interface, select either Interface 0, Interface 1, or Both to specify the interface(s) on which the Firebox SSL VPN Gateway listens for the RIP authentication string.

4. Select the RIP Authentication String for Interface check box.
