WatchGuard® Firebox® X Edge User Guide
Setting Up Manual VPN Tunnels
To change Phase 1 configuration:
1 Select the negotiation mode for Phase 1 from the drop-down list.
You can use main mode only when both devices have static IP addresses.
If one or both VPN devices have dynamically assigned IP addresses,
you must use aggressive mode.
2 Enter the local ID and remote ID. Select the ID types (IP
Address or Domain Name) from the drop-down lists. Make sure
this configuration is the same as the configuration on the
remote device.
- If you select Main Mode and the remote ID type is IP Address,
this must be the remote gateway’s IP address.
- If you select Aggressive Mode and the remote gateway is
static, set the remote ID type to IP Address. If the local
gateway is static, set the local ID type to IP Address.
If the remote gateway is dynamic, set the local ID type to
Domain Name. If the remote gateway is dynamic and uses
dynamic DNS, set the remote ID type to Domain Name and the
remote ID to the DNS name.
3 Select the type of authentication from the Authentication
Algorithm drop-down list.
The options are MD5-HMAC (128-bit authentication) or SHA1-HMAC
(160-bit authentication).
4 From the Encryption Algorithm drop-down list, select the type
of encryption.
The options are DES-CBC or 3DES-CBC.
5 Type the number of kilobytes and the number of hours until the
IKE negotiation expires.
6 Select the group number from the Diffie-Hellman Group drop-down
list. WatchGuard supports group 1 and group 2.
Diffie-Hellman groups securely negotiate secret keys through a public
network. Group 2 is more secure than group 1, but requires more
processing power and more time.
7 Select the Generate IKE Keep Alive Messages checkbox to help
detect when the tunnel is down.
Select this checkbox to send short packets across the tunnel at regular
intervals. This helps the two devices to determine that the tunnel still
works securely. If the Keep Alive packets get no response after three
attempts, the Firebox X Edge does a rekey to start the tunnel again.
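
The following check is an added example, not part of the WatchGuard guide or the Firebox software. It compares the planned Phase 1 settings of the two devices against the rules in steps 1, 2, 3, 4 and 6 before you type them into either device. The field names and sample addresses are hypothetical. The requirement that both devices select the same mode, algorithms and group, and the treatment of MD5-HMAC and DES-CBC as the weaker of each pair, are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass
class Phase1:
    """One device's planned Phase 1 settings (hypothetical field names)."""
    address: str      # external IP address or DNS name of this device
    static_ip: bool   # True if the external address is static
    mode: str         # "main" or "aggressive"
    local_id: tuple   # (type, value); type is "ip" or "domain"
    remote_id: tuple
    auth: str         # "MD5-HMAC" or "SHA1-HMAC"
    encryption: str   # "DES-CBC" or "3DES-CBC"
    dh_group: int     # 1 or 2

WEAKER = {"auth": "MD5-HMAC", "encryption": "DES-CBC", "dh_group": 1}  # weaker option per setting

def check_phase1(local, remote):
    out = []
    # Step 1: main mode only when both devices have static IP addresses.
    if local.mode == "main" and not (local.static_ip and remote.static_ip):
        out.append("mode: main mode needs static IPs on both devices")
    # Step 2: the IDs must be the same as configured on the remote device.
    if local.local_id != remote.remote_id or local.remote_id != remote.local_id:
        out.append("id: local/remote IDs do not mirror the remote device")
    rtype, rvalue = local.remote_id
    if local.mode == "main" and rtype == "ip" and rvalue != remote.address:
        out.append("id: remote ID must be the remote gateway's IP address")
    if local.mode == "aggressive":
        if remote.static_ip and rtype != "ip":
            out.append("id: remote gateway is static, remote ID type must be ip")
        if local.static_ip and local.local_id[0] != "ip":
            out.append("id: local gateway is static, local ID type must be ip")
    # Steps 1, 3, 4, 6: assumed here that both devices must select the same values.
    for f in ("mode", "auth", "encryption", "dh_group"):
        if getattr(local, f) != getattr(remote, f):
            out.append(f"{f}: differs from remote device")
        if WEAKER.get(f) == getattr(local, f):
            out.append(f"{f}: {getattr(local, f)} is the weaker option offered")
    return out

# Constructed sample: local device is static, remote device has a dynamic address.
LOCAL = Phase1("192.0.2.10", True, "main", ("ip", "192.0.2.10"),
               ("domain", "branch.example.com"), "MD5-HMAC", "3DES-CBC", 1)
REMOTE = Phase1("branch.example.com", False, "aggressive",
                ("domain", "branch.example.com"), ("ip", "192.0.2.10"),
                "SHA1-HMAC", "3DES-CBC", 2)

if __name__ == "__main__": print("\n".join(check_phase1(LOCAL, REMOTE)))
```

An empty list means the plan is consistent with the steps above and uses the stronger option for each setting.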