You configure Phase 1 and Phase 2 settings for each IPSec VPN.
Branch Office VPN
For a manual Branch Office VPN (BOVPN), you configure Phase 1 settings when you define a Branch Office gateway, and you configure Phase 2 settings when you define a Branch Office tunnel.
For more information about BOVPN Phase 1 and Phase 2 settings, go to:
For a BOVPN virtual interface Phase 1 and Phase 2 settings are in the BOVPN virtual interface configuration. For more information, go to Configure a BOVPN Virtual Interface.
For a managed Branch Office VPN, you configure the Phase 1 and Phase 2 settings when you add a Security Template.
For more information, go to Add Security Templates
Mobile VPN with IPSec
For Mobile VPN with IPSec, Mobile VPN with L2TP, and Mobile VPN with IKEv2, many of the Phase 1 and Phase 2 settings are set automatically by the setup wizards. You can also manage these settings in the Web UI or Policy Manager.
For Mobile VPN with IPSec, you configure the Phase 1 and Phase 2 settings when you add or edit a Mobile VPN with IPSec configuration.
For more information, go to:
- Configure the Firebox for Mobile VPN with IPSec
- Modify an Existing Mobile VPN with IPSec Group Profile
- Use the WatchGuard L2TP Setup Wizard
- Use the WatchGuard IKEv2 Setup Wizard
Use a Certificate for IPSec VPN Tunnel Authentication
When an IPSec tunnel is created, the IPSec protocol checks the identity of each endpoint with either a pre-shared key (PSK) or a certificate imported and stored on the Firebox. You configure the tunnel authentication method in the VPN Phase 1 settings.
For more information about how to use a certificate for tunnel authentication, go to:
- Certificates for Branch Office VPN (BOVPN) Tunnel Authentication
- Certificates for Mobile VPN with IPSec Tunnel Authentication (WSM)
- Certificates for Mobile VPN with L2TP Tunnel Authentication
- Certificates for Mobile VPN with IKEv2 Tunnel Authentication