Rekey BOVPN Tunnels

The gateway endpoints of BOVPN tunnels must generate and exchange new keys after a set period of time, or after a specified amount of traffic has passed. To generate new keys immediately instead of waiting for the current keys to expire, use the rekey options in Firebox System Manager to force BOVPN tunnels to expire. This can be helpful when you troubleshoot tunnel issues.

Because tunnels are triggered by traffic, they are rebuilt when traffic starts to flow through them. If you rekey a tunnel and it has no traffic, it is not automatically rebuilt.

Rekey One BOVPN Tunnel

  1. Select the Front Panel tab.
  2. From the Branch Office VPN Tunnels list, select a tunnel to rekey.
  3. Right-click the tunnel and select Rekey Selected BOVPN Tunnel.
    If you are logged in to the device as a Device Monitor user, the Rekey BOVPN Tunnel dialog box appears. If you are logged in as a Device Administrator, the BOVPN tunnel is rekeyed.
  4. In the User Name text box, type the name of a user account with Device Administrator credentials.
  5. In the Passphrase text box, type the passphrase for the user.
  6. From the Authentication Server drop-down list, select the authentication server for the user account you specified.
  7. If you select an Active Directory authentication server, in the Domain text box, type the domain for the user account you specified.
  8. Click OK.

Rekey All BOVPN Tunnels

Firebox System Manager has two methods you can use to rekey all BOVPN tunnels at the same time.

Method one:

  1. Select the Front Panel tab.
  2. Right-click anywhere on the Front Panel tab.
  3. Select Rekey All BOVPN Tunnels.
    If you are logged in to the device as a Device Monitor user, the Rekey All BOVPN Tunnels dialog box appears. If you are logged in as a Device Administrator, all BOVPN tunnels are rekeyed.
  4. In the User Name text box, type the name of a user account with Device Administrator credentials.
  5. In the Passphrase text box, type the passphrase for the user.
  6. From the Authentication Server drop-down list, select the authentication server for the user account you specified.
  7. If you select an Active Directory authentication server, in the Domain text box, type the domain for the user account you specified.
  8. Click OK.

Method two:

  1. Select Tools > Rekey All BOVPN Tunnels.
    If you are logged in to the device as a Device Monitor user, the Rekey All BOVPN Tunnels dialog box appears. If you are logged in as a Device Administrator, all BOVPN tunnels are rekeyed.
  2. In the User Name text box, type the name of a user account with Device Administrator credentials.
  3. In the Passphrase text box, type the passphrase for the user.
  4. From the Authentication Server drop-down list, select the authentication server for the user account you specified.
  5. If you select an Active Directory authentication server, in the Domain text box, type the domain for the user account you specified.
  6. Click OK.
