Configure Manual BOVPN Gateways

A branch office VPN (BOVPN) gateway is a connection point for one or more tunnels. To create a tunnel, you must set up gateways on both the local and remote endpoint devices. To configure these gateways, you must specify:

  • Credential method — Either pre-shared keys or an IPSec Firebox certificate.
    For information about how to use certificates for BOVPN authentication, go to Certificates for Branch Office VPN (BOVPN) Tunnel Authentication.
  • Location of local and remote gateway endpoints, either by IP address or domain information.
  • Settings for Phase 1 of the Internet Key Exchange (IKE) negotiation. This phase defines the security association, or the protocols and settings that the gateway endpoints will use to communicate and protect data that is passed in the negotiation.


In Fireware v12.4 or higher, you can configure a BOVPN between two IPv6 gateways. An IPv4 tunnel is not required.

Before you configure a gateway, you must enable IPv6 for the external interface that the gateway uses. When you enable IPv6 for the interface, you must configure a static IPv6 address or select the DHCPv6 client option. For more information, go to Configure IPv6 for an External Interface.

When you add a gateway, you must specify an Address Family. The options are IPv4 Addresses or IPv6 Addresses. In the gateway and tunnel settings, the IP addresses you specify must be from the same family. For example, if you specify the IPv6 Addresses family, you can only specify IPv6 addresses in the gateway and tunnel settings.

These options are not supported for IPv6 BOVPNs:

  • Multicast
  • Modem failover
  • NAT and direction
  • Broadcast routing
  • Attempt to resolve domain setting

Add a Gateway

Configure the gateways for each BOVPN endpoint.

Run the BOVPN Gateway Configuration Report

After you add a gateway, you can run a report to see a summary of all gateway settings. This report can be useful if you need to troubleshoot the VPN. It can also make it easier to compare the configured settings with the settings of the remote VPN endpoint device.

To run the report from Fireware Web UI or Policy Manager:

  1. In the Gateways dialog box, select a configured gateway.
  2. Click Report.
  3. To add details about tunnels that use this gateway, select the Show Tunnel Details check box.

For more information about this report, go to Use the BOVPN Configuration Reports.

Related Topics

Edit and Delete Gateways

Add a Phase 1 Transform

Configure IPSec VPN Phase 1 Settings