Centrally Manage Your Fireboxes > Centralized Management with the WSM Management Server > Set Up the Management Server > Manage Server Licenses and Restrict VPN Tunnel Authentication Options

Manage Server Licenses and Restrict VPN Tunnel Authentication Options

You can use WatchGuard System Manager (WSM) to manage the licenses for your Management Server. You can add or delete license keys, and see the current license key information, including how many devices your license keys allow you to manage. You can also force the Management Server to only use shared keys for VPN tunnel authentication.

For information about how to find all the license keys available for your Management Server, see Find Your Management Server License Key.

Review Current License Key Information

  1. Start WatchGuard System Manager and Use WSM to Connect to your Management Server.
    The Management Server page appears.
  2. In the Server Information section, click Manage Server Configuration.
    Or, select File > Manage Server Configuration.
    The Management Server Configuration dialog box appears.

Screen shot of the Management Server Configuration dialog box

  1. Add or Remove a License Key.
  2. Restrict the VPN Tunnel Authentication Method
  3. Click OK.
    The License Agreement dialog box appears.
  4. Click Yes.

Add or Remove a License Key

To add a license key:

  1. In the Management Server Configuration dialog box, click Add.
    The Add License Key dialog box appears.

Screen shot of the Add License Key dialog box

  1. In the License Key text box, type or paste the license key text.
  2. Click OK.
    The license key you added appears in the License Keys window and the number of licensed devices is updated.

To remove a license key:

  1. In the License Keys list, select the license key to remove.
  2. Click Remove.
    The license key is deleted from the License Keys window and the number of licensed devices is updated.

Restrict the VPN Tunnel Authentication Method

You can configure the Management Server to exclude IPSec certificates as the preferred authentication option for VPN tunnels and instead restrict the authentication method to shared keys. This prevents unnecessary certificate creation for devices that do not use a certificate for Branch Office VPNs and improves performance if you do not use certificates with your Branch Office VPN tunnels.

If your Management Server manages any VPN tunnels that use an authentication method other than shared keys, you cannot enable the option to restrict the VPN tunnel method. You must first change the authentication method for those tunnels to use shared keys.

To restrict the tunnel authentication method for VPN tunnels to shared keys:

Select the Limit tunnel authentication options to shared key check box.

When you select this option, in the Device Properties dialog box for all devices managed by the Management Server, on the IPSec Tunnel Preferences tab, the option in the Tunnel Authentication drop-down list is set to Shared Key and cannot be changed.

Screen shot of the IPSec Tunnel Preferences tab with Tunnel Authentication restricted to Shared Key

See Also

Review Information for Managed Devices

Quick Start — Add and Manage VPN Tunnels and Resources

About WatchGuard System Manager

Give Us Feedback     Get Support     All Product Documentation     Technical Search