Manual Branch Office VPN Tunnels

A Branch Office Virtual Private Network (BOVPN) enables secure, encrypted connections between networks at geographically separated locations. You can configure a manual BOVPN tunnel between two Fireboxes, or between a Firebox and a third-party IPSec VPN gateway. You can also configure a BOVPN virtual interface to create a tunnel between a Firebox and a cloud-based endpoint on a virtual network.

Get Started

BOVPN

About Manual IPSec Branch Office VPNs

Quick Start — Set Up a VPN Between Two Fireboxes

Set up a VPN Between Two Fireware Devices (Web UI)

Set up a VPN Between Two Fireware Devices (WSM)

Configure Manual BOVPN Gateways

Configure Manual BOVPN Tunnels

BOVPN Virtual Interfaces

About BOVPN Virtual Interfaces

Configure a BOVPN Virtual Interface

Configuration Examples and Integration Guides

Firebox to Firebox

Manual BOVPN Configuration Examples

BOVPN Virtual Interface Examples

Firebox to Third Party Endpoints

BOVPN Virtual Interface for Dynamic Routing to Microsoft Azure

BOVPN Virtual Interface for Static Routing to Microsoft Azure

BOVPN Virtual Interface for Dynamic Routing to Amazon Web Services (AWS)

BOVPN Virtual Interface for Static Routing to Amazon Web Services (AWS)

Fireware Integration Guides

Troubleshoot

Monitor and Troubleshoot BOVPN Tunnels

Improve Branch Office VPN (BOVPN) Tunnel Availability

Force a Branch Office VPN Tunnel Rekey

Log Messages

Logging Through a BOVPN Tunnel

Use VPN Diagnostic Messages

Use the VPN Diagnostic Report

Filter Branch Office VPN Log Messages

Reports

Use the BOVPN Configuration Reports

Learn More

Security

About Diffie-Hellman Groups

Configure IKEv2 Shared Settings

Add a Phase 1 Transform

Configure IPSec VPN Phase 1 Settings

Add a Phase 2 Proposal

Configure Phase 2 Settings

Hex-Based Pre-Shared Keys

Authentication

Active Directory Authentication Through a BOVPN Tunnel

Policies

Define Custom Tunnel Policies

Routing

Control Routing Through a Manual BOVPN Tunnel

Configure VPN Routes

Add Routes for a Tunnel

Enable Broadcast Routing Through a Branch Office VPN Tunnel

Example of Broadcast Routing Through a BOVPN Tunnel

Enable Multicast Routing Through a Branch Office VPN Tunnel

Multicast Routing Through a BOVPN Tunnel

Define a Route for All Internet-Bound Traffic

Allow Mobile VPN with SSL Users to use Resources Through a BOVPN Tunnel

Network Address Translation (NAT)

BOVPN and Network Address Translation

Configure Outgoing Dynamic NAT Through a Branch Office VPN Tunnel

Configure 1-to-1 NAT Through a Branch Office VPN Tunnel

Configure Inbound IPSec Pass-through with SNAT

BOVPN on a Firebox Behind a Device That Does NAT

Failover

About BOVPN Failover

Configure VPN Modem Failover

VPN Modem Failover and Multi-WAN

DNS

Configure Name Resolution Through a Branch Office VPN Tunnel

Optional Settings

Disable Automatic Tunnel Startup

About Global VPN Settings

Configure a Maximum Transmission Unit (MTU) Value

See Also

Get Started with BOVPN video tutorial (12 minutes)

Managed Branch Office VPN Tunnels (WSM)