Force a Branch Office VPN Tunnel Rekey

Gateway endpoints automatically generate and exchange new keys after a specified amount of time or traffic passes, as defined in the Force Key Expiration text boxes in the Phase2 Proposals dialog box. If you want to immediately generate new keys instead of waiting for them to expire (particularly when you troubleshoot VPN tunnels), you can choose to rekey one or more Branch Office VPN (BOVPN) tunnels.

To rekey VPN tunnels, from Fireware Web UI:

  1. Select System Status > VPN Statistics.
  2. Click the gateway to see the tunnels for that gateway.
  3. To rekey a single tunnel, on the line for the VPN tunnel, click Rekey tunnel.
  4. To rekey all tunnels that use a gateway, on the gateway line click Rekey tunnels.
  5. To rekey all branch office VPN tunnels, click Rekey All Tunnels.

To rekey VPN tunnels, from Firebox System Manager:

  1. On the Front Panel tab, expand the Branch Office VPN Tunnels list for your Firebox.
  2. To rekey a single tunnel, right-click the tunnel, and select Rekey Selected BOVPN Tunnel.
  3. To rekey all tunnels that use a gateway, right-click the gateway, and select Rekey Selected BOVPN Tunnel.
  4. To rekey all tunnels, right-click any VPN gateway or tunnel, and select Rekey All VPN Tunnels.

To rekey VPN tunnels, from WatchGuard System Manager:

  1. Expand the Branch Office VPN Tunnels tree for your Firebox.
  2. To rekey a single tunnel, right-click the tunnel, and select Rekey IPSec Tunnels.
  3. To rekey all tunnels that use a gateway, right-click the gateway, and select Rekey IPSec Tunnels.
  4. To rekey all tunnels, right-click any VPN gateway or tunnel, and select Rekey All IPSec Tunnels.

When you rekey VPN tunnels from Firebox System Manager or WatchGuard System Manager, you must specify a user name and passphrase for a user account with Device Administrator privileges.

See Also

Monitor and Troubleshoot BOVPN Tunnels
