Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard

Posted on 2013-10-31
Last Modified: 2013-11-06
Hello,
We have a client with a Watchguard firewall (XTM810) at two offices. They use a branch office VPN via IPSec to connect to the other office. They have now purchased a dedicated server running Windows 2012 from a cloud ISP which appears to be sat directly on the internet.

How do we make this server appear on the internal network securely?

Is it possible for Server 2012 to have an IPSec tunnel setup that activates when the server is booted up creating a VPN with the Watchguard firewall?

I can see how to create the new connection via a dial-on-demand style connection, but this won't be ideal as it needs to be always on without manually dialling the link if the server reboots, for example.

Is there a way to set this up via a NPA server?

Any suggestions appreciated.

Thanks
Question by:cloughs

Expert Comment

by:Cliff Galiher
ID: 39615382
One of the options available in the GUI when defining the connection is to enable a "persistent" connection. This will basically cause the connection to dial immediately instead of waiting for a connection request that would trigger an on-demand dial-out.

Now with that said, the last time I worked with Watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of FireWare. But be prepared for that.

-Cliff

Author Comment

by:cloughs
ID: 39615392
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?

Thanks

Accepted Solution

by:Cliff Galiher
ID: 39615466
For site-to-site VPNs, you'd want to use the "routing and remote access" role. TechNet has a ton of documentation on how to configure this role. Some of it hasn't been updated for 2012 yet, so dig into 2008 R2 as well. The setup is similar, as many of those settings haven't been pulled into Server Manager yet.
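The Routing and Remote Access setup from the accepted answer, combined with the "persistent" option from the first comment, can also be scripted. This is an added example, not code posted in the thread: it assumes the RemoteAccess PowerShell module (`Install-RemoteAccess`, `Add-VpnS2SInterface`) is available and that the firewall accepts IKEv2 with a pre-shared key, which the thread does not confirm for the Watchguard. The peer address, subnet, interface name and crypto values are constructed placeholders.

```powershell
# Added example. All values below are placeholders; the crypto settings must
# match the phase 1 / phase 2 proposals configured on the office firewall.
$PeerAddress  = '203.0.113.10'        # office firewall public IP (placeholder)
$OfficeSubnet = '192.168.10.0/24'     # LAN behind the firewall (placeholder)
$IfName       = 'Office-S2S'          # hypothetical interface name

# Install the Remote Access role services and enable site-to-site VPN in RRAS.
Install-WindowsFeature -Name DirectAccess-VPN, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType VpnS2S

# Prompt for the pre-shared key so it is not stored in the script.
$secure = Read-Host -Prompt 'Pre-shared key' -AsSecureString
$psk    = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Create the demand-dial interface. -Persistent makes RRAS dial as soon as the
# service starts (so also after a reboot) instead of waiting for traffic.
# -CustomPolicy pins the IKE and ESP proposals rather than using the defaults.
Add-VpnS2SInterface -Name $IfName -Destination $PeerAddress `
    -Protocol IKEv2 -AuthenticationMethod PSKOnly -SharedSecret $psk `
    -IPv4Subnet "${OfficeSubnet}:100" -Persistent `
    -CustomPolicy -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 `
    -DHGroup Group14 -CipherTransformConstants AES256 `
    -AuthenticationTransformConstants SHA256128 -PfsGroup PFS2048
Remove-Variable -Name psk, secure

# Bring the tunnel up now, then confirm it is persistent and connected.
Connect-VpnS2SInterface -Name $IfName
$s2s = Get-VpnS2SInterface -Name $IfName
$s2s | Format-List Name, Destination, Protocol, Persistent, ConnectionState

if (-not $s2s.Persistent) {
    Write-Warning "$IfName is not persistent; it will not redial after a reboot."
}
if ($s2s.ConnectionState -ne 'Connected') {
    Write-Warning "$IfName is $($s2s.ConnectionState); compare proposals and key with the firewall."
}
```

Restarting the RemoteAccess service and re-running the `Get-VpnS2SInterface` check is a quick way to confirm the tunnel comes back without manual dialling.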