A gateway is a connection point for one or more tunnels. To create a tunnel, you must set up gateways on both the local and remote endpoint devices. To configure these gateways, you must specify:
- Credential method — Either pre-shared keys or an IPSec XTM device certificate.
For information about using certificates for BOVPN authentication, see Certificates for Branch Office VPN (BOVPN) Tunnel Authentication.
- Location of local and remote gateway endpoints, either by IP address or domain information.
- Settings for Phase 1 of the Internet Key Exchange (IKE) negotiation. This phase defines the security association, that is, the protocols and settings that the gateway endpoints use to communicate, which protects the data passed in the negotiation.
Add a Gateway
You can use Fireware XTM Web UI to configure the gateways for each endpoint device.
- Select VPN > Branch Office VPN.
The Branch Office VPN configuration page appears.
- To add a gateway, click Add below the Gateways list.
The Gateway settings page appears.
- In the Gateway Name text box, type a name to identify the gateway for this XTM device.
- From the Gateway page, select either Use Pre-Shared Key or Use IPSec Firebox Certificate to identify the authentication procedure this tunnel uses.
If you selected Use Pre-Shared Key
Type or paste the shared key. You must use the same shared key on the remote device. This shared key must use only standard ASCII characters.
If you selected Use IPSec Firebox Certificate
The table below the radio button shows current certificates on the XTM device. Select the certificate to use for the gateway.
For more information, see Certificates for Branch Office VPN (BOVPN) Tunnel Authentication.
You can now define the gateway endpoints. For more information, see Define Gateway Endpoints for a BOVPN Gateway.
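The pre-shared key step above requires an ASCII-only key that is identical on both devices. The following Python code is an added example, not WatchGuard code: it generates a random key and flags pasted characters (smart punctuation, control characters, stray whitespace) that can leave the two endpoints with different keys. Reading "standard ASCII" as printable 0x20-0x7E, the 20-character floor, and the helper names `generate_psk`, `check_psk` and `keys_match` are assumptions of this example.

```python
import hmac
import secrets
import string
import unicodedata

# Assumption: "standard ASCII" is read as printable ASCII (0x20-0x7E).
# Generated keys avoid spaces, quotes and backslashes so they survive copy/paste.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-.:=?@_~"


def generate_psk(length=32):
    """Return a random key drawn from ALPHABET using the OS CSPRNG."""
    # Assumed floor for this example, not a documented device limit.
    if length < 20:
        raise ValueError("use at least 20 random characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_psk(key):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    for pos, ch in enumerate(key):
        cp = ord(ch)
        if cp > 0x7F:
            name = unicodedata.name(ch, "unnamed")
            problems.append(f"position {pos}: non-ASCII U+{cp:04X} ({name})")
        elif cp < 0x20 or cp == 0x7F:
            problems.append(f"position {pos}: control character 0x{cp:02X}")
    if key != key.strip():
        problems.append("leading or trailing whitespace")
    return problems


def keys_match(local_key, remote_key):
    """Constant-time comparison of the keys prepared for each endpoint."""
    return hmac.compare_digest(local_key.encode("utf-8"),
                               remote_key.encode("utf-8"))


if __name__ == "__main__":
    # Constructed samples: an en dash from a word processor, a trailing newline.
    for sample in (generate_psk(), "Branch\u2013Office-2024", "s3cret-key\n"):
        issues = check_psk(sample)
        print(repr(sample), "->", issues or "OK")
```

Run the check on the exact string you are about to paste into the shared key text box on each device, and handle the key itself as a secret.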
Run the BOVPN Gateway Configuration Report
After you add a gateway, you can run a report to see a summary of all gateway settings. The BOVPN Gateway Configuration Report is a section of the XTM Configuration Report that shows the configuration settings for the selected gateway. This report can be useful if you need to troubleshoot the VPN. It can also make it easier to compare the configured settings with the settings of the remote VPN endpoint device.
To run the report:
- In the Gateways list, select a configured gateway.
- Click Report.
The XTM Configuration Report appears in a new window. It automatically scrolls to the section for the selected gateway.
For more information about this report, see Use the BOVPN Configuration Reports.