Manage BOVPNs for Cloud-Managed Fireboxes

Applies To: Cloud-managed Fireboxes

A Branch Office Virtual Private Network (BOVPN) enables secure, encrypted connections between networks at geographically separated locations. You can configure a BOVPN between two cloud-managed Fireboxes in your WatchGuard Cloud account. You can also configure a BOVPN to any other Firebox or third-party VPN endpoint.

When you add, edit, or delete a BOVPN for a cloud-managed Firebox, the BOVPN configuration update is immediately deployed to cloud-managed Fireboxes.

You cannot add, update, or delete a BOVPN for a Firebox that has undeployed changes.

To see the status of the deployment, go to the Deployment History page for each Firebox. For more information, see Manage Device Configuration Deployment.

Manage BOVPNs

You can manage BOVPNs for all Fireboxes in your account, or you can manage BOVPNs for a specific Firebox.

To manage BOVPNs for all cloud-managed Fireboxes in an account, from WatchGuard Cloud:

  1. Select the account name or a device in an account.
  2. Select Configure > VPNs.
    The BOVPN page shows BOVPNs for all cloud-managed Fireboxes in the account.

To manage BOVPNs for a single cloud-managed Firebox, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the Firebox.
  3. Select Device Configuration.
  4. Click the Branch Office VPN tile.
    The BOVPN page shows BOVPNs for the selected Firebox.

Add a BOVPN

To add a BOVPN, from either BOVPN page:

  1. Click Add BOVPN.
  2. In the Name text box, type a name for the BOVPN.
  3. Select the type of device the cloud-managed Firebox will connect to:

BOVPN to a Cloud-Managed Firebox

Select this option to configure a BOVPN between two cloud-managed Fireboxes in the same WatchGuard Cloud account. This option creates a shared BOVPN configuration for both devices. When you save the BOVPN, the BOVPN configuration is automatically deployed for both Fireboxes to download.

For more information, see Configure a BOVPN Between Cloud-Managed Fireboxes.

This option is only for a BOVPN between Fireboxes in the same account. To create a BOVPN between Fireboxes in different accounts, select Locally-Managed Firebox or third-party VPN endpoint and configure the VPN separately in each account.

BOVPN to a Locally-Managed Firebox or Third-party VPN Endpoint

Select this option to configure a BOVPN between a cloud-managed Firebox and any other VPN endpoint. The remote VPN endpoint could be any of these types:

  • Third-party VPN endpoint
  • Locally-managed Firebox
  • Cloud-managed Firebox in a different WatchGuard Cloud account

For this type of BOVPN configuration, you must configure security settings that the endpoints use to negotiate a secure connection. You must also configure the same settings on the remote endpoint. When you save the BOVPN, the BOVPN configuration is automatically deployed for the cloud-managed Firebox to download.

For more information, see Configure a BOVPN to a Locally-Managed Firebox or Third-Party VPN Endpoint.

Edit a BOVPN

When you update a BOVPN, the configuration change is immediately deployed to cloud-managed Fireboxes. You can see the status of the deployment on the Deployment History page.

You cannot save changes to a BOVPN for a Firebox that has undeployed changes.

To edit a BOVPN, from the BOVPN page:

  1. Click the name of the BOVPN.
  2. Edit the VPN settings.
  3. Click Update.
    Changes deploy automatically to cloud-managed Fireboxes.

Delete a BOVPN

When you delete a BOVPN, the configuration change is immediately deployed to cloud-managed Fireboxes. You can see the status of the deployment on the Deployment History page.

You cannot delete a BOVPN for a Firebox that has undeployed changes.

To delete a BOVPN, from the BOVPN page:

  1. On the line for the BOVPN you want to delete, click the delete icon.
  2. Click Delete.
    Changes deploy automatically to cloud-managed Fireboxes.

BOVPNs and Device Removal

If you configure a BOVPN between two cloud-managed devices, and then remove one device from cloud management, the BOVPN configuration becomes invalid because it has only one endpoint. You can view and delete the BOVPN, but you cannot edit it. Before you delete the BOVPN, remove references to the BOVPN in the configuration of the other Firebox.

See Also

Monitor VPNs on Fireboxes and FireClusters

Run a BOVPN Diagnostic Report for a Firebox or FireCluster

View the BOVPN Guide