WIreGuard VPN on NG Firewall in bridge mode
Overview
If your NG Firewall is in bridge mode, it is not serving as the edge device in your network. This means that some additional configuration is necessary to use it as a WireGuard VPN host.
Configure NGFW's Public Address
Since your NGFW's external interface will have a private address, it can't be reached directly via the Internet. Go to Config > Network > Hostname and change the default setting to 'Use manually specified address'. Fill in the IP/Hostname field with the public IP address or hostname of the network's edge device.
If you have not changed the NGFW's HTTPS Service Port setting, leave the Port field set to 443. If you have changed the Service Port, use the appropriate port in this field.
Download & deploy WireGuard client config files
See this article for the complete process: Setting up WireGuard VPN on roaming devices. If you have deployed these client config files before, you must re-download them after making the above change to NGFW's public address.
Configure port forwarding on the upstream router
Finally, you will need to configure a port forward on the upstream device to forward UDP port 51820 to your NGFW's external interface IP, found in Config > Network > Interfaces.
Follow
Comments
0 comments
Please sign in to leave a comment.