WSM User Guide - WatchGuard Technologies

Making Tunnels Between Devices3 To set the end date for a key, select the Force key expiration check box, and then select thekilobytes or hours until the expiration.If you give two values, the key stops at the event that comes first.The security template is configured. You can select it in the VPN wizard when you make a VPN tunnel with thatdevice.4 Click OK.Making Tunnels Between DevicesYou can configure a tunnel with the drag-and-drop procedure or the Add VPN wizard.Using the drag-and-drop procedureDynamic Fireboxes and Firebox® X Edge or SOHO devices must have networks that are configuredbefore you can use this procedure. You must also get the policies from any new dynamic devices beforeyou configure drag-and-drop tunnels (use the procedure “Get the current resources from a device” onpage 238 to do this).On the Device Management tab:1 On one of the tunnel endpoints, click the device name. Drag-and-drop the name to the devicename at the other tunnel endpoint.The Add VPN wizard starts.2 Click Next.3 The gateway devices screen shows the two endpoint devices you selected with drag-and-drop, andthe VPN resource that the tunnel uses. If the endpoints are not shown, select them on this screen.4 From the drop-down list, select a VPN resource for each device.A VPN resource is an IP address or network address to which VPN users can securely connect.The drop-down list shows the VPN resources that you added to WatchGuard System Manager. If a VPN endpointdevice has a static IP address, the Management Server automatically creates a default VPN resource for the devicethat includes all trusted networks. If the trusted network behind the device has many routed or secondary networksconfigured, some users prefer to create a custom template to restrict the resources available through the VPN tunnel.5 Click Next.The wizard shows the Security Policy dialog box.6 Select the security template applicable for the type of security and type of authentication to use forthis tunnel.The list shows the templates you added to the Management Server.7 Click Next.The wizard shows the configuration.8 Select the Restart devices now to download VPN configuration check box. Click Finish to startthe devices again and deploy the VPN tunnel.Using the Add VPN wizard without drag-and-dropTo use the Add VPN wizard to create tunnels:1 From the Device Management tab, select Edit > Create a new VPN or click the CreateNew VPN icon.This starts the Add VPN wizard.2 Click Next.The wizard shows two lists that each show all the devices registered in the Management Server.240 WatchGuard System Manager