User guide
Migration Guide
Migrating Basic DVCP Tunnels while setting up a Management Server
WatchGuard System Manager 8.0 provides a wizard that migrates your WFS DVCP server configuration to
the new WatchGuard management server. This wizard is called the Management Server Setup Wizard and
is launched from the WatchGuard toolbar in the Windows taskbar.
This wizard moves your DVCP server from your Firebox to a Windows-based computer that you designate
as your management server. It also converts the Firebox you were using as a DVCP server into a gateway
Firebox that protects the management server from the Internet. Finally, it converts any basic DVCP
tunnels connected to the gateway Firebox into regular tunnels. Basic DVCP tunnels are not supported in
WSM 8.0.
However, the Management Server Setup Wizard cannot convert all the basic DVCP tunnels that you
have in your network. It converts only the tunnels that use the gateway Firebox as one of the endpoints.
Tunnels that do not use the gateway Firebox as an endpoint are isolated from the gateway Firebox. If you
have any isolated basic DVCP tunnels in your network, you need to use one of these two procedures to
convert your tunnels so they are managed by WSM 8.0.
Procedure #1
This workaround requires you to disable any isolated basic DVCP tunnels before using the Management
Server Setup Wizard.
1 Using the Policy Manager, remove the basic DVCP tunnel configuration at each endpoint (Firebox) for
the tunnel.
Do this for each Firebox that is an endpoint for an isolated tunnel.
2 Download the configuration to each Firebox and restart the Firebox.
3 Use the Management Server Setup Wizard to:
• Move your DVCP server to your management server
• Convert your old DVCP server into a gateway Firebox
• Convert any Basic DVCP tunnels connected to the gateway Firebox to regular tunnels
4 Reestablish previously disabled tunnels.
5 Launch WatchGuard System Manager.
6 Add each endpoint Firebox to the management server.
7 Drag and drop a Firebox onto another Firebox to create a tunnel between the two firewalls.
8 Do this for each tunnel that needs to be reestablished.
Procedure #2
This workaround allows you to minimize the downtime for your isolated Basic DVCP tunnels.
1 Acquire a VPN Manager license key with enough capacity to convert all of your Basic DVCP tunnels
to Advanced DVCP tunnels.
2 Install the license key into VPN Manager.
3 Use VPN Manager to convert all your Basic DVCP tunnels to Advanced DVCP tunnels.
4 Use the Management Server Setup Wizard to:
• Move your DVCP server to your management server
• Convert your old DVCP server into a gateway Firebox
• Convert any Basic DVCP tunnels connected to the gateway Firebox to regular tunnels
All of your Advanced DVCP tunnels are converted to regular tunnels, regardless of whether or not
they use the gateway Firebox as an endpoint.