User guide
Configuring Virtual Private Networks
130 WatchGuard Firebox X Edge
The last part of this chapter includes Frequently Asked Questions
and information on how to keep the VPN tunnel operating correctly
and see VPN tunnel statistics. These last sections can help you
troubleshoot the VPN tunnel.
For more information on VPN tunnels, see the Advanced FAQs:
https://www.watchguard.com/support/advancedfaqs
What You Need to Create a VPN
Before you configure your WatchGuard® Firebox® X Edge VPN
network, read these VPN requirements:
• You must have two Firebox X Edge devices or one Firebox X
Edge and a second device that uses IPSec standards. Examples
of these devices are a Firebox III, Firebox X Core, Firebox X Peak,
or a Firebox SOHO 6. You must enable the VPN option on the
other device if it does not have the option.
• You must have an Internet connection.
• The ISP for each VPN device must let IPSec go across their
networks.
Some ISPs do not let you create VPN tunnels on their networks
unless you upgrade your Internet service to a level that supports
VPN tunnels. Speak with the ISP to make sure they let you use
these ports and protocols:
- UDP Port 500 (Internet Key Exchange or IKE)
- UDP Port 4500 (NAT traversal)
- IP Protocol 50 (Encapsulating Security Payload or ESP)
• If the other side of the VPN tunnel has a WatchGuard Firebox III
or Firebox X, you can use the Managed VPN option. Managed
VPN is easier to configure than Manual VPN. You must get
information from the administrator of the Firebox on the other
side of the VPN to use this option.
• You must know if the IP address assigned to your Edge’s
external interface is static or dynamic. To learn about IP
addresses, see Chapter 2, “Installing the Firebox X Edge.”
• Your Edge model tells you the number of VPN tunnels that you
can create on your Edge. You can purchase a model upgrade for