Authentication to an Active Directory Server Through a BOVPN Tunnel

If you have XTM devices at two sites connected with a branch office VPN tunnel, and you have an Active Directory server at one of the sites, you can enable users at both sites to use the same Active Directory server for authentication. To do this, you can add tunnel routes to the configuration of both devices as described below.

For example, consider an organization that has XTM devices at two sites, Site A and Site B. The Active Directory server is located at Site A. The administrator wants the XTM device at Site B to use the Active Directory server at Site A to authenticate local users.

Add a Tunnel Route to the Site A BOVPN Configuration

At Site A, you must add a tunnel route for traffic through the BOVPN tunnel from Site B to the local Active Directory server.

  1. Open the Fireware XTM Web UI for the XTM device at Site A.
  2. Select VPN > Branch Office VPN.
  3. Select the existing tunnel to Site B and click Edit.
  4. In the Addresses tab, click Add.
  5. In the Local IP section, in the Host IP text box, type the private IP address of the Active Directory server.
  6. In the Remote IP section, in the Host IP text box, type the IP address of the external interface at Site B.
  7. Save the configuration to the device.

Add a Tunnel Route to the Site B BOVPN Configuration

At Site B, you must also add a tunnel route for traffic through the BOVPN tunnel between Site B and the Active Directory server at Site A.

  1. Open the Fireware XTM Web UI for the XTM device at Site B.
  2. Select VPN > Branch Office VPN.
  3. Select the existing tunnel to Site A and click Edit.
  4. In the Addresses tab, click Add.
  5. In the Local IP section, in the Host IP text box, type the external IP address of the Site B device.
  6. In the Remote IP section, in the Host IP text box, type the IP address of the Active Directory server located at Site A.
  7. Save the configuration to the device.

Configure Active Directory Authentication on the Site B Device

Configure Active Directory authentication on the Firebox or XTM device at Site B as described in Configure Active Directory Authentication.

After you complete these steps, the XTM device at Site B can use the Active Directory server at Site A to authenticate local users.
