Disable Automatic Tunnel Startup

BOVPN tunnels are automatically created each time the Firebox starts. You can change this default behavior in the settings for the branch office VPN. A common reason to change it would be if the remote endpoint uses a third-party device that must initiate the tunnel instead of the local endpoint.

Disable Automatic Startup for Manual Branch Office VPN Tunnels

To disable automatic startup for tunnels that use a gateway, from Fireware Web UI:

  1. Select VPN > Branch Office VPN.
    The Branch Office VPN configuration page appears.
  2. Select a gateway and click Edit.
    The Gateway page appears.
  3. Clear the Start Phase1 tunnel when Firebox starts check box at the bottom of the page.

To disable automatic startup for tunnels that use a gateway, from Policy Manager:

  1. Select VPN > Branch Office Gateways.
    The Gateways dialog box appears.
  2. Select a gateway and click Edit.
    The Edit Gateway dialog box appears.
  3. Clear the Start Phase1 tunnel when Firebox starts check box at the bottom of the dialog box.

Disable Automatic Tunnel Startup for a BOVPN Virtual Interface

For a BOVPN virtual interface, automatic tunnel startup is enabled by default for XTM 2, 3, and 5 Series models.

To disable automatic startup for a BOVPN virtual interface, from Fireware Web UI or Policy Manager:

  1. Select VPN > BOVPN Virtual Interface.
  2. Clear the Start Phase1 tunnel when it is inactive check box.

If you clear this check box, the Firebox still automatically restarts the tunnel when it is inactive if any policy uses policy-based routing to route outbound traffic to this BOVPN virtual interface.

You can also disable a BOVPN gateway and all associated tunnels. For more information, see Disable or Enable a Branch Office VPN.
