Connecting two offices using Watchguard Firewalls.

Posted on 2007-10-05
Last Modified: 2013-11-16
Hello All,

We are planning on connecting a new smaller office to our main office using Watchguard firewalls. We currently have a Firebox x700 at our main office and we plan to purchase a Firebox X20e-W for the new location. How would I need to go about the configuration so that the two offices are connected, and would I need any additional software that I am unaware of?

Question by:toddpotter
    LVL 32

    Accepted Solution

    You can create a site-to-site VPN tunnel between the two offices, called BOVPN in WG terms. You would need a static IP at the end where you have the x700; at the X20e-W you can have a static or dynamic IP.
    If you have static IPs at both ends then you can create a Manual VPN tunnel; if it is dynamic at the X20e-W then you can also create a VPN without purchasing any DNS or FQDN by using DVCP on the WG.

    If you have VPN Manager [called management server from WSM/WFS version 8.3.1 or higher], then you get a wizard to configure VPNs for you.

    By default X20e-W comes with default 15 BOVPN licenses; X700 comes with default 100 BOVPN licenses.

    Please let me know if you need any specific steps in configuring the VPN tunnels.

    Thank you.
    LVL 13

    Expert Comment

    Could I just add that you do not need VPN Manager or DVCP to connect a site with dynamic IP to your main site. I have a couple of sites using dynamic addressing and connecting via manual IPSec VPN just fine. You just set the remote gateway to use a domain name to authenticate and choose a shared 'name', a nice long shared secret, and set the remote gateway type to aggressive. The only downside is that the tunnel must be initiated from the remote end and you need a keepalive to keep the tunnel open. The Edge has a VPN keepalive option to achieve this.
