Watchguard IPSEC policy

Technical Information
Technical Information used Ask the Experts™
on
I have a watchguard M270, the customer has a hosted server they connect to via ipsec. What policy could I enable to allow the ipsec vpn outbound.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Systems Manager
Commented:
Create a custom packet filter with the required ports for IPSEC vpn (https://www.itprotoday.com/security/q-what-firewall-ports-should-we-open-make-ipsec-work-through-our-firewalls).

Then with this custom packet filter create a policy from the internal network the customer is on to the external IP address of the hosted server (assume it's static - if not you may need to do it to any-external or dns name if it uses dynamic dns).

If it doesn't work get the customer to try to connect and look at the traffic log for unhandled packets from that network.
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
Where is the IPSec tunnel terminating? On the M270 or on the server?

If you're using the Mobile VPN with IPSec on the M270, you'll need to configure the policy in the Mobile VPN with IPSec Policies section. This is a legacy setup and should be phased out. All other VPN methods on the M270 will be processed through the normal firewall policies. Look into changing over to the SSL VPN or IKEv2 for mobile clients.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial