Creating BOVPN’s (Branch Office Virtual Private Networks) the manual way can be time consuming. In most environments, BOVPN’s are required before the business or site in question can be in production. Because of this, ways to streamline BOVPN creation have been done. WatchGuard’s approach to this are ‘Managed VPN Tunnels’ or ‘Drag and Drop Tunnels’. The name ‘Drag and Drop’ is quite literal: once you have two Fireboxes in a management server, you simply drag one Firebox on top of another. From there, a wizard will begin, and in less than a minute you will have a BOVPN.
Another option to ensure that your security measures are fulfilled are ‘Security Templates’ where you can choose Phase 1 and Phase 2 settings. After you name the template, you are ready to implement in your environment. Below I will showcase the configuration of a Security Template as well as a Drag and Drop VPN.
Creating a Security Template
While logged in to the WatchGuard Management Server, navigate to the bottom of the options on the left side
Select the box beside ‘Managed VPNs’
Right Click ‘Security Templates’
Select ‘Insert Security Template’
Follow the prompts to complete naming, Phase 1, and Phase 2
Creating a Drag and Drop VPN
Select one of the Fireboxes you wish to create a tunnel for, and drag the Firebox on to the other side of the BOVPN
Add VPN Wizard Begins – Ensure to only select the networks you require. You may need to build your networks under the ‘VPN Resources’ page of each Firebox in WatchGuard Management Server.
At this point, the BOVPN is completed. The VPN Firewall Policy Template portion can be utilized, but if not the default BOVPN-Allow-In and BOVPN-Allow-Out rules will be utilized. Without WatchGuard Management Server, only manually created BOVPN’s are an option. As you can tell, this makes the process for configuring BOVPN’s much quicker when they are WatchGuard to WatchGuard VPN’s. This process cannot function with other vendor Firewalls as they cannot be added to WatchGuard Management Server.