User guide
Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 7.3
User Guide 135
5 Click Submit.
Managed VPN: With a Firebox III or Firebox X and
WatchGuard System Manager 7.3
You can configure a VPN on the Firebox® X Edge with two different
methods: Managed VPN and Manual VPN. This section tells you
how to use Managed VPN, or DVCP. For information on creating a
Manual VPN, see “Manual VPN: Setting Up Manual VPN Tunnels”
on page 140.
Dynamic VPN Configuration Protocol (DVCP) is the WatchGuard®
protocol that you can use to create IPSec tunnels easily. The DVCP
server does the VPN tunnel configuration. You use the name Man-
aged VPN because the DVCP Server manages the VPN and sends the
VPN configuration to your Edge. This makes the Edge administra-
tor’s task easy because you must type only a small quantity of infor-
mation into the Edge configuration pages.
You can use only a Firebox III or Firebox X Core model as a DVCP
server. The Firebox X Edge cannot be a DVCP Server. When your
Firebox X Edge uses DVCP to get its VPN configuration, your Edge is
a client of a DVCP server Firebox in a client-server relationship. The
Edge gets all of its VPN configuration from the DVCP Server Fire-
box.
DVCP servers are of two types:
• Basic DVCP - All Firebox III and Firebox X Core models can be a
Basic DVCP server. The Firebox X Edge cannot be a Basic DVCP
server.
• VPN Manager - Firebox III 1000 or above and Firebox X Core
model X700 or higher Fireboxes can be VPN Manager DVCP
Servers. VPN Manager is an advanced version of Basic DVCP.
The Firebox III or Firebox X administrator can manage your
Edge from the VPN Manager interface.
For more information, see the FAQ:
https://www.watchguard.com/support/advancedFAQs/
basicdvcp_whatis.asp