When you configure a BOVPN virtual interface, you configure the BOVPN gateway settings, VPN routes, and other VPN settings. For each BOVPN virtual interface, the Device Name is automatically assigned and is not configurable. The Device Name is used to identify this interface in the Status Report in Firebox System Manager.
To use a trusted, optional, or custom interface as a local gateway endpoint for a BOVPN virtual interface, the device must use Fireware XTM v11.9.4 or higher.
To add a BOVPN Virtual Interface:
If you select Use Pre-Shared Key
Type or paste the shared key. You must use the same shared key on the remote device. This shared key must use only standard ASCII characters.
If you select Use IPSec Firebox Certificate
The table below the radio button shows current certificates on the XTM device. Select the certificate to use for the gateway.
For more information, see Certificates for Branch Office VPN (BOVPN) Tunnel Authentication.
The Gateway Settings tab also contains these settings:
Use Modem for failover
If you have enabled modem failover, select this check box to configure the branch office VPN to fail over to a modem if all external interfaces cannot connect.
You cannot use a modem for failover from a BOVPN virtual interface if any local gateway endpoint uses an interface that is not an external interface.
Start Phase 1 tunnel when it is inactive
When selected, this option causes the XTM device to automatically restart the tunnel if it is not active. This check box is selected by default for XTM 2, 3, and 5 Series models. Clear this check box if you do not want the XTM device to automatically start the tunnel.
If you clear this check box, the Firebox or XTM device still automatically restarts the tunnel when it is inactive if any policy uses policy-based routing to route outbound traffic to this BOVPN virtual interface.
Add this tunnel to the BOVPN-Allow policies
When selected, this option adds the tunnel to the BOVPN-Allow.in and the BOVPN-Allow.out policies. These policies allow all traffic that matches the routes for this tunnel.
To restrict traffic through the tunnel, clear this check box and create custom policies for types of traffic that you want to allow through the tunnel.
Use the other tabs to configure these settings for the BOVPN virtual interface:
About BOVPN Virtual Interfaces