Tuesday, September 3, 2019

Watchguard BOVPN basic questions

I apologize if these are basic questions, but I wear many hats at my company and some fit better than others.

We have a rack of co-located web and db servers at a remote location. We use an M270 as a firewall to protect those assets as the web sites are publicly available. The WAN is a /30 from the co-location company and the LAN is a /28 of public IPs.

I added a T55 to our office and want to create a BOVPN between our office and our colo so that when files are transferred between office and web/db servers, or our web administration is accessed, or RDP is used, the connection is encrypted.

My questions are these. Is only traffic between A and B routed through the tunnel? In other words, I don't want ALL traffic from our office (T55) sent through the BOVPN - just traffic to and from the M270's /28 network. And vice versa - I don't want thousands of daily web site visitors routed through the T55. Watchguard support suggested that I set it up so that the config is <=====>.

2nd question is what happens if the BOVPN is down? Do we (T55) lose connectivity to our assets (M270), or will the Watchguards detect that it's down and route traffic normally through the public internet? When I apply the config locally to the T55, will I lose all connectivity to the M270 (so I must configure the M270 first and then trust that when I save changes to the T55 it will work)?


