Define Gateway Endpoints for a BOVPN Virtual Interface

Gateway endpoints are the local and remote gateways that are connected by a BOVPN. The gateway endpoint configuration tells your Firebox how to identify and communicate with the remote endpoint device when it negotiates the BOVPN. It also tells the Firebox how to identify itself to the remote endpoint during that negotiation. You must configure at least one gateway endpoint pair when you add a BOVPN virtual interface.

You can configure multiple gateway endpoints for VPN failover. For more information, see Configure VPN Failover.

In Fireware v11.12.2 and higher, you can specify different pre-shared keys for each gateway endpoint of a virtual interface. For an example of a configuration with different pre-shared keys, see BOVPN Virtual Interface for Static Routing to Amazon Web Services (AWS).

Local Gateway

In the Local Gateway settings, you configure the gateway ID and the interface the BOVPN connects to on your Firebox. You can configure a BOVPN virtual interface to use any internal or external interface as the local gateway.

Do not use a secondary interface IP address as a gateway endpoint.

For the gateway ID, if you have a static IP address, you can select By IP Address. If you have a domain that resolves to the IP address the BOVPN connects to on your Firebox, select By Domain Information.

Remote Gateway

You can configure the gateway IP address and gateway ID for the remote endpoint device that the BOVPN connects to. The gateway IP address can be either a static IP address or a dynamic IP address. The gateway ID can be By Domain Name, By User ID on Domain, or By x500 Name. The administrator of the remote gateway device selects which gateway ID type to use.

If the remote VPN endpoint gets an external IP address from DHCP or PPPoE, set the ID type of the remote gateway to Domain Name. Set the peer name to the fully qualified domain name of the remote VPN endpoint. The Firebox uses the IP address and domain name to find the VPN endpoint. Make sure the DNS server the device uses can resolve the name.
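
The endpoint rules in this topic can be checked before a change is applied. The following is an added example, not WatchGuard code: the dictionary layout, field names, and function names are assumptions made for illustration, and the sample values are constructed.

```python
import re
import socket

# Constructed sample. Field names are assumptions for this example,
# not Fireware's configuration schema. PSKs are referenced, never embedded.
SAMPLE = {
    "fireware_version": "11.12.2",
    "endpoints": [
        {"local_ip_is_secondary": False, "remote_ip_type": "dynamic",
         "remote_id_type": "domain_name", "remote_id": "branch1.example.com",
         "psk_ref": "psk-a"},
        {"local_ip_is_secondary": True, "remote_ip_type": "dynamic",
         "remote_id_type": "user_id_on_domain", "remote_id": "vpn@example.com",
         "psk_ref": "psk-b"},
    ],
}

FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def system_resolver(name):
    """Resolve with this host's resolver; returns [] when the name does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def lint(cfg, resolve=system_resolver):
    """Return a list of findings for one BOVPN virtual interface."""
    findings = []
    eps = cfg.get("endpoints", [])
    if not eps:
        findings.append("no gateway endpoint pair configured")
    for i, ep in enumerate(eps, 1):
        if ep["local_ip_is_secondary"]:
            findings.append(f"endpoint {i}: local gateway uses a secondary interface IP")
        if ep["remote_ip_type"] != "dynamic":
            continue  # the Domain Name rule applies to DHCP/PPPoE peers only
        if ep["remote_id_type"] != "domain_name":
            findings.append(f"endpoint {i}: dynamic remote IP needs ID type Domain Name")
        elif not FQDN_RE.match(ep["remote_id"]):
            findings.append(f"endpoint {i}: peer name is not a fully qualified domain name")
        elif not resolve(ep["remote_id"]):
            findings.append(f"endpoint {i}: {ep['remote_id']} does not resolve")
    version = tuple(int(p) for p in cfg["fireware_version"].split("."))
    if len({ep["psk_ref"] for ep in eps}) > 1 and version < (11, 12, 2):
        findings.append("per-endpoint pre-shared keys need Fireware v11.12.2 or higher")
    return findings
```

Run the check from a host that queries the same DNS server as the Firebox, or pass a resolve function that does, so the result reflects what the device will see.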

See Also

Configure Manual BOVPN Gateways

Configure Manual BOVPN Tunnels
