cloughs
asked on
Securing a 2012 Hosted Dedicated Server with IPSEC & Watchguard
Hello,
We have a client with a Watchguard firewall (XTM810) at two offices. They use a branch office VPN via IPSec to connect to the other office. They have now purchased a dedicated server running Windows 2012 from a cloud ISP which appears to be sat directly on the internet.
How do we make this server appear on the internal network securely?
Is it possible for Server 2012 to have an IPSec tunnel setup that activates when the server is booted up creating a VPN with the Watchguard firewall?
I can see how to create the new connection via a dial-on-demand style connection, but this won't be ideal as it needs to be always on without manually dialling the link if the server reboots, for example.
Is there a way to set this up via a NPA server?
Any suggestions appreciated.
Thanks
ASKER
Hi Cliff,
Are you talking via the Connect to a Network function or the NAP server route?
Thanks
ASKER CERTIFIED SOLUTION
Now with that said, the last time I worked with Watchguard UTMs, their IPSec implementation was *not* compatible with Windows Server directly. So in that regard, you may need to set up a server on both ends of the connection. It is possible though that Watchguard finally addressed this in the latest versions of Fireware. But be prepared for that.
-Cliff