WIreGuard VPN on NG Firewall in bridge mode


If your NG Firewall is in bridge mode, it is not serving as the edge device in your network. This means that some additional configuration is necessary to use it as a WireGuard VPN host.


Configure NGFW's Public Address

Since your NGFW's external interface will have a private address, it can't be reached directly via the Internet. Go to Config > Network > Hostname and change the default setting to 'Use manually specified address'. Fill in the IP/Hostname field with the public IP address or hostname of the network's edge device.

If you have not changed the NGFW's HTTPS Service Port setting, leave the Port field set to 443. If you have changed the Service Port, use the appropriate port in this field.

Public Address Configuration Example


Download & deploy WireGuard client config files

See this article for the complete process: Setting up WireGuard VPN on roaming devices. If you have deployed these client config files before, you must re-download them after making the above change to NGFW's public address.


Configure port forwarding on the upstream router

Finally, you will need to configure a port forward on the upstream device to forward UDP port 51820 to your NGFW's external interface IP, found in Config > Network > Interfaces.

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk