Contents

Disable Automatic Tunnel Startup

BOVPN tunnels are automatically created each time the Firebox starts. You can change this default behavior in the settings for the branch office VPN. A common reason to change it would be if the remote endpoint uses a third-party device that must initiate the tunnel instead of the local endpoint.

Disable Automatic Startup for Manual Branch Office VPN Tunnels

To disable automatic startup for tunnels that use a gateway, from Fireware Web UI:

  1. Select VPN > Branch Office VPN.
    The Branch Office VPN configuration page appears
  2. Select a gateway and click Edit.
    The Gateway page appears.
  3. Clear the Start Phase 1 tunnel when Firebox starts check box at the bottom of the page.

To disable automatic startup for tunnels that use a gateway, from Policy Manager:

  1. Select VPN > Branch Office Gateways.
    The Gateways dialog box appears.
  2. Select a gateway and click Edit.
    The Edit Gateway dialog box appears.
  3. Clear the Start Phase 1 tunnel when Firebox starts check box at the bottom of the dialog box.

Disable Automatic Tunnel Startup for a BOVPN Virtual Interface

For a BOVPN virtual interface, automatic tunnel startup is enabled by default for XTM 2, 3, and 5 Series models.

To disable automatic startup for a BOVPN virtual interface, from Fireware Web UI or Policy Manager:

  1. Select VPN > BOVPN Virtual Interface.
  2. Clear the Start Phase 1 tunnel when it is inactivecheck box.

If you clear this check box, the Firebox still automatically restarts the tunnel when it is inactive if any policy uses policy-based routing to route outbound traffic to this BOVPN virtual interface.

You can also disable a BOVPN gateway and all associated tunnels. For more information, see Disable or Enable a Branch Office VPN.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search