9/19/2020

WatchGuard System Management
I am able to use WSM to manage the device but it does not let me do some stuff that I want to do because of communications between the device and the management server.
I have found that this will solve connections and management issues.

This means that you can make VPN tunnels if your ISP does NAT (Network Address Translation) or if the external interface of your XTM device is connected to a device that does NAT. We recommend that the XTM device external interface have a public IP address.

To make a VPN tunnel to your XTM device when the XTM device is installed behind a device that does NAT, the NAT device must let the traffic through. These ports and protocols must be open on the NAT device:

- UDP port 500 (IKE)
- UDP port 4500 (NAT Traversal)
- IP protocol 50 (ESP)

If the external interface of your XTM device has a private IP address, you cannot use an IP address as the local ID type in the Phase 1 settings.

If the NAT device to which the XTM device is connected has a dynamic public IP address:

- First, set the device to Bridge Mode. In Bridge Mode, the XTM device gets the public IP address on its external interface. Refer to the documentation for your NAT device for more information.
- In the Phase 1 settings of the Manual VPN, set the local ID type to Domain Name.
- The remote device must identify your XTM device by domain name and it must use the DynDNS domain name associated with your XTM device in its Phase 1 configuration.

If the NAT device to which the XTM device is connected has a static public IP address:

- In the Phase 1 settings of the Manual VPN, set the local ID type drop-down list to Domain Name. Enter the public IP address assigned to the external interface of the NAT device as the local ID.
- The remote device must identify your XTM device by domain name, and it must use the same public IP address as the domain name in its Phase 1 configuration.

They may not connect however if the device is behind a NAT (that's a separate issue) covered above in opening IKE/ESP etc by Scott H. Under Connection Settings you will see the hostname will be its public IP (which if NAT'd doesn't strictly belong to the firebox).
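One way to verify the pass-through requirement listed above (UDP 500, UDP 4500, IP protocol 50) is to audit the NAT device's forwarding rules. This is an added example, not part of the original post or WatchGuard's documentation. It assumes the NAT device is a Linux host using iptables; the sample ruleset, the interface `eth0` and the XTM address `192.168.1.2` are constructed.

```python
import shlex

# Traffic the page says the NAT device must pass to the XTM device.
REQUIRED = {
    "UDP 500 (IKE)": ("udp", 500),
    "UDP 4500 (NAT Traversal)": ("udp", 4500),
    "IP protocol 50 (ESP)": ("esp", None),  # ESP has no ports
}
PROTO_ALIASES = {"17": "udp", "50": "esp"}  # numeric forms of -p

# Constructed sample of `iptables-save -t nat` output from a hypothetical Linux
# NAT device in front of an XTM device at 192.168.1.2; the ESP rule is missing.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.1.2:500
-A PREROUTING -i eth0 -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.1.2:4500
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.2:443
COMMIT
"""


def parse_dnat_rules(ruleset):
    """Yield (proto, [(lo, hi), ...], target_ip) for each PREROUTING DNAT rule."""
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok or "!" in tok:
            continue  # skip other chains/targets and negated matches
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        proto = opts.get("-p", "all").lower()
        spec = opts.get("--dport") or opts.get("--dports") or "0:65535"
        ranges = []
        for part in spec.split(","):  # multiport lists and lo:hi ranges
            lo, _, hi = part.partition(":")
            ranges.append((int(lo), int(hi or lo)))
        target = opts.get("--to-destination", "").split(":")[0]  # IPv4 only
        yield PROTO_ALIASES.get(proto, proto), ranges, target


def missing_passthrough(ruleset, xtm_ip):
    """Return the required IPsec traffic types with no DNAT rule to xtm_ip."""
    rules = [r for r in parse_dnat_rules(ruleset) if r[2] == xtm_ip]
    missing = []
    for name, (proto, port) in REQUIRED.items():
        if not any(rp in (proto, "all") and
                   (port is None or any(lo <= port <= hi for lo, hi in rngs))
                   for rp, rngs, _ in rules):
            missing.append(name)
    return missing
```

A DNAT rule only redirects traffic; the NAT device's filter rules must also accept it, which this check does not inspect.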