Define Gateway Endpoints for a BOVPN Gateway

Gateway Endpoints are the local and remote gateways that a BOVPN connects. The gateway endpoints configuration tells your Firebox or XTM device how to identify and communicate with the remote endpoint device when it negotiates the BOVPN. It also tells the device how to identify itself to the remote endpoint when it negotiates the BOVPN. You must configure at least one gateway endpoint pair when you add a BOVPN gateway.

Any external interface can be a gateway endpoint. If you have more than one external interface, you can configure multiple gateway endpoints for VPN failover. For more information, see Configure VPN Failover.

Local Gateway

In the Local Gateway section, you configure the gateway ID and the external interface the BOVPN connects to on your Firebox or XTM device.

For the gateway ID, if you have a static IP address you can select By IP Address. If you have a domain that resolves to the IP address the BOVPN connects to on your Firebox or XTM device, select By Domain Information.

From the Gateway page:

  1. In the Gateway Endpoints section, click Add.
    The New Gateway Endpoints Settings dialog box appears.

Screen shot of the Gateway Endpoint Settings dialog box, Local Gateway tab

  2. Select an option and specify the gateway ID:
  3. From the External Interface drop-down list, select the interface on the Firebox or XTM device that has the IP address or domain you chose for the gateway ID. If you configured the wireless client as an external interface, select the interface WG-Wireless-Client.

Remote Gateway

On the Remote Gateway tab, you configure the gateway IP address and gateway ID for the remote endpoint device that the BOVPN connects to. The gateway IP address can be either a static IP address or a dynamic IP address. The gateway ID can be By Domain Name, By User ID on Domain, or By x500 Name. The administrator of the remote gateway device selects which gateway ID type to use.

If the remote VPN endpoint uses DHCP or PPPoE to get an external IP address, set the ID type of the remote gateway to Domain Name. Set the peer name to the fully qualified domain name of the remote VPN endpoint. The Firebox or XTM device uses the IP address and domain name to find the VPN endpoint. Make sure the DNS server used by the device can resolve the name.

  1. In the Gateway Endpoint Settings dialog box, select the Remote Gateway tab.

Screen shot of the Gateway Endpoint Settings dialog box, Remote Gateway tab

  2. Select the remote gateway IP address type:
  3. Select an option and specify the gateway ID:
  4. Click OK.
    The gateway pair you defined appears in the list of gateway endpoints.
  5. To configure Phase 1 settings for this gateway, follow the steps in Configure Mode and Transforms (Phase 1 Settings).

See Also

Configure Gateways

Make Tunnels Between Gateway Endpoints
