User's Manual
Table Of Contents
- WatchGuard® Firebox® X Edge User Guide
- Certifications and Notices
- Declaration of Conformity
- Notice to Users
- WatchGuard Firebox Software
- End-User License Agreement
- Copyright, Trademark, and Patent Information
- Limited Hardware Warranty
- Abbreviations Used in this Guide
- CHAPTER 1 Introduction to Network Security
- CHAPTER 2 Installing the Firebox® X Edge
- CHAPTER 3 Configuration and Management Basics
- CHAPTER 4 Changing Your Network Settings
- Using the Network Setup Wizard
- Configuring the External Network
- Configuring the Trusted Network
- Configuring the Optional Network
- Enabling the optional network
- Changing the IP address of the optional network
- Using DHCP on the optional network
- Setting optional network DHCP address reservations
- Configuring the optional network for DHCP relay
- Using static IP addresses for optional computers
- Adding computers to the optional network
- Requiring encrypted connections
- Making Static Routes
- Viewing Network Statistics
- Registering with the Dynamic DNS Service
- Enabling the WAN Failover Option
- Enabling External Modem Failover
- CHAPTER 5 Setting up the Firebox X Edge Wireless
- CHAPTER 6 Configuring Firewall Settings
- CHAPTER 7 Configuring Logging
- CHAPTER 8 Configuring WebBlocker
- CHAPTER 9 Configuring Virtual Private Networks
- CHAPTER 10 Configuring the MUVPN Client
- CHAPTER 11 Managing the Firebox® X Edge
- Viewing Current Sessions and Users
- About User Authentication
- Adding or Editing a User Account
- About Seat Licenses
- Selecting HTTP or HTTPS for Firebox Management
- Changing the HTTP Server Port
- Setting up VPN Manager Access
- Updating the Firmware
- Activating Upgrade Options
- Enabling the Model Upgrade Option
- Configuring Additional Options
- Viewing the Configuration File
- APPENDIX A Firebox®X Edge Hardware
- Index
Configuring Virtual Private Networks
110 WatchGuard Firebox X Edge
Sample
VPN Address Information Table
Item Description Assigned
By
External IP
Address
The IP address that identifies the IPSec-
compatible device on the Internet.
ISP
Site A: 207.168.55.2
Site B: 68.130.44.15
External
Subnet Mask
The bitmask that shows which part of the IP
address identifies the local network. For
example, a class C address includes 256
addresses and has a netmask of
255.255.255.0.(Only 254 of the IP addresses in
that subnet can be assigned to computers.)
ISP
Site A: 255.255.255.0
Site B: 255.255.255.0
Local Network
Address
An address used to identify a local network. A
local network address cannot be used as an
external IP address. WatchGuard recommends
that you use an address from one of the
reserved ranges:
10.0.0.0/8—255.0.0.0
172.16.0.0/12—255.240.0.0
192.168.0.0/16—255.255.0.0
The numbers after the slashes indicate the
subnet masks. /24 means that the subnet mask
for the trusted network is 255.255.255.0. For
more information on entering IP addresses in
slash notation, see the FAQ:
https://www.watchguard.com/support/
advancedfaqs/general_slash.asp
You
Site A: 192.168.111.0/24
Site B: 192.168.222.0/24
Shared Secret The shared secret is a passphrase used by two
IPSec-compatible devices to encrypt and decrypt
the data that goes through the VPN tunnel. The
two devices use the same passphrase. If the
devices do not have the same passphrase, they
cannot encrypt and decrypt the data correctly.
Use a passphrase that contains numbers,
symbols, lowercase letters, and uppercase
letters for better security. For example,
“Gu4c4mo!3” is better than “guacamole”.
You
Site A: OurSharedSecret
Site B: OurSharedSecret