Manage BOVPNs for Cloud-Managed Fireboxes
Applies To: Cloud-managed Fireboxes
A Branch Office Virtual Private Network (BOVPN) enables secure, encrypted connections between networks at geographically separated locations. You can configure a BOVPN between two cloud-managed Fireboxes in your WatchGuard Cloud account. You can also configure a BOVPN to any other Firebox or third-party VPN endpoint.
When you add, edit, or delete a BOVPN for a cloud-managed Firebox, the BOVPN configuration update is immediately deployed to cloud-managed Fireboxes.
To learn more, go to the Cloud-managed Firebox: Branch Office VPNs video tutorial (7 minutes).
You cannot add, update, or delete a BOVPN for a Firebox that has undeployed changes.
To see the status of the deployment, go to the Deployment History page for each Firebox. For more information, go to Manage Device Configuration Deployment.
Manage BOVPNs
You can manage BOVPNs for all Fireboxes in your account, or you can manage BOVPNs for a specific Firebox.
To manage BOVPNs for all cloud-managed Fireboxes in an account, from WatchGuard Cloud:
- Select the account name or a device in an account.
- Select Configure > VPNs.
The BOVPN page shows BOVPNs for all cloud-managed Fireboxes in the account.
To manage BOVPNs for a single cloud-managed Firebox, from WatchGuard Cloud:
- Select Configure > Devices.
- Select the Firebox.
- Select Device Configuration.
- Click the Branch Office VPN tile.
The BOVPN page shows BOVPNs for the selected Firebox.
Add a BOVPN
To add a BOVPN, from either BOVPN page:
- Click Add BOVPN.
- In the Name text box, type a name for the BOVPN.
- From the Address Family drop-down list, select IPv4 Addresses or IPv6 Addresses.
If you select IPv6 Addresses, the other BOVPN endpoint must be configured to support IPv6.
- Select the type of device the cloud-managed Firebox will connect to:
WatchGuard Cloud-Managed Firebox
Select this option to configure a BOVPN between two cloud-managed Fireboxes in the same WatchGuard Cloud account. This option creates a shared BOVPN configuration for both devices. When you save the BOVPN, the BOVPN configuration is automatically deployed for both Fireboxes to download.
For more information, go to Configure a BOVPN Between Cloud-Managed Fireboxes.
This option is only for a BOVPN between Fireboxes in the same account. To create a BOVPN between Fireboxes in different accounts, select Locally-Managed Firebox or third-party VPN endpoint and configure the VPN separately in each account.
Locally-Managed Firebox or third-party VPN endpoint
Select this option to configure a route-based BOVPN between a cloud-managed Firebox and any other VPN endpoint. The remote VPN endpoint could be any of these types:
- Third-party VPN endpoint
- Locally-managed Firebox
- Cloud-managed Firebox in a different WatchGuard Cloud account
For this type of BOVPN configuration, you must configure security settings that the endpoints use to negotiate a secure connection. You must also configure the same settings on the remote endpoint. When you save the BOVPN, the BOVPN configuration is automatically deployed for the cloud-managed Firebox to download.
For more information, go to Configure a BOVPN to a Locally-Managed Firebox or Third-Party VPN Endpoint.
Edit a BOVPN
When you update a BOVPN, the configuration change is immediately deployed to cloud-managed Fireboxes. You can see the status of the deployment on the Deployment History page.
You cannot save changes to a BOVPN for a Firebox that has undeployed changes.
To edit a BOVPN, from the BOVPN page:
- Click the name of the BOVPN.
- Edit the VPN settings.
- Click Update.
Changes deploy automatically to cloud-managed Fireboxes.
Delete a BOVPN
When you delete a BOVPN, the configuration change is immediately deployed to cloud-managed Fireboxes. You can see the status of the deployment on the Deployment History page.
You cannot delete a BOVPN for a Firebox that has undeployed changes.
To delete a BOVPN, from the BOVPN page:
- On the line for the BOVPN you want to delete, click .
- Click Delete.
Changes deploy automatically to cloud-managed Fireboxes.
BOVPNs and Device Removal
If you configure a BOVPN between two cloud-managed devices, and then remove one device from cloud management, the BOVPN configuration becomes invalid because it has only one endpoint. You can view and delete the BOVPN, but you cannot edit it. Before you delete the BOVPN, remove references to the BOVPN in the configuration of the other Firebox.