Multiple BOVPN-VI Tunnels + Forcing All Traffic

Hello all,

Hoping one of you super smart folk have some insight here - I'm currently looking at picking up a couple of T45-CWs for some remote mobile sites, and as far as I can tell there isn't any documentation for my scenario, and I don't have any spare equipment to play around with before pulling the trigger.

I'd like to add two devices, and have them BOVPN (virtual interfaces) back to HQ, and have both force all traffic through the tunnel so they use the outgoing proxies at HQ.

1) Do BOVPN-VIs support this? The documentation (as far as I can tell) only speaks to manual BOVPN tunnels.

2) If so, presumably adding the 0.0.0.0/0 route in the remote side of the tunnel would route everything through the VI - but what does the HQ side configuration look like? I'm guessing just the routes to the remote subnets are required in the VI configuration, but what policies (if any) are required?

Cheers!
-Chris

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Chris_Kelley

    1. VIFs support this. On the side you want to be forced across the VPN you'd just put the route as 0.0.0.0/0, and on the main site you'd put the network route at that site so the traffic can get back (10.0.1.0/24, for example.)

    2. Yes. Policies are covered by the BOVPN allow in/out rules that are generated by default. The only reason you'd need to make a new rule is if you uncheck the box to include that tunnel's traffic in those policies.

    -James Carson
    WatchGuard Customer Support

  • Thank ye kindly sir :)
