Manage Server Licenses and Restrict VPN Tunnel Authentication Options
You can use WatchGuard System Manager (WSM) to manage the licenses for your Management Server. You can add or delete license keys, and see the current license key information, including how many devices your license keys allow you to manage. You can also force the Management Server to only use shared keys for VPN tunnel authentication.
For information about how to find all the license keys available for your Management Server, go to Find Your Management Server License Key.
Review Current License Key Information
- Start WatchGuard System Manager and Connect to Your Management Server with WSM.
The Management Server page appears. - In the Server Information section, click Manage Server Configuration.
Or, select File > Manage Server Configuration.
The Management Server Configuration dialog box appears.
- Add or Remove a License Key.
- Restrict the VPN Tunnel Authentication Method
- Click OK.
The License Agreement dialog box appears. - Click Yes.
Add or Remove a License Key
To add a license key:
- In the Management Server Configuration dialog box, click Add.
The Add License Key dialog box appears.
- In the License Key text box, type or paste the license key text.
- Click OK.
The license key you added appears in the License Keys window and the number of licensed devices is updated.
To remove a license key:
- In the License Keys list, select the license key to remove.
- Click Remove.
The license key is deleted from the License Keys window and the number of licensed devices is updated.
Restrict the VPN Tunnel Authentication Method
You can configure the Management Server to exclude IPSec certificates as the preferred authentication option for VPN tunnels and instead restrict the authentication method to shared keys. This prevents unnecessary certificate creation for devices that do not use a certificate for Branch Office VPNs and improves performance if you do not use certificates with your Branch Office VPN tunnels.
If your Management Server manages any VPN tunnels that use an authentication method other than shared keys, you cannot enable the option to restrict the VPN tunnel method. You must first change the authentication method for those tunnels to use shared keys.
To restrict the tunnel authentication method for VPN tunnels to shared keys:
Select the Limit tunnel authentication options to shared key check box.
When you select this option, in the Device Properties dialog box for all devices managed by the Management Server, on the IPSec Tunnel Preferences tab, the option in the Tunnel Authentication drop-down list is set to Shared Key and cannot be changed.
Review Information for Managed Devices