Configuring Perimeter 81 Site-To-Site with WatchGuard Firebox

The following procedure demonstrates how to configure a VPN tunnel on the FortiGate devices using the management interface. Please follow the steps below:

Configure an IPSec Tunnel at the Perimeter 81 Management Portal
 1. Under Network in the Management Portal on the left side, select the name of the network in which you'd like to set the tunnel.

2. Locate the desired gateway, select the three-dotted menu (...).

3. Select Add Tunnel and then IPSec Site-2-Site Tunnel.

Screen_Shot_2019-08-27_at_14.06.15.pngThe following window will display:

Screen_Shot_2019-09-22_at_13.54.18.png4. In the General Settings section fill in the following information:

  • Name: Choose whatever name you find suitable for the tunnel
  • Shared Secret: Insert a string of your own or use Generate
  • Public IP: Insert the public IP of the firewall (you can copy it from the Fireware Web UI URL)
  • Remote IP: Insert the public IP of the firewall (same address as above)
  • Perimeter 81 Gateway Proposal Subnets: by default, this should be set to 
  • Remote Gateway Proposal Subnets: or specify according to your customized settings


Screen_Shot_2019-09-22_at_14.01.27.pngIn the Advanced Settings section fill in the following information:

  • Diffie-Hellman Groups (Phase 1): 2
  • Diffie-Hellman Groups (Phase 2): 2

Leave the rest of the fields with the default values (as shown in the attached screenshot).

 Configure the Tunnel at the WatchGuard Management Interface (Fireware Web UI)

1. Open Fireware Web UI.

2. In the left panel, select VPN, then Branch Office VPN. 
3. Under Gateways select ADD. The following window will open (make sure that you're in the General Settings tab):


4. Under Gateway Name fill in an indicative name of your own choice.

5. Select Use Pre-Shared Key and insert the Shared Secret you selected or generated while defining the tunnel in the Perimeter 81 management platform.

6. Under Gateway Endpoint select ADD.

7. Fill in the following information:

  • Local Gateway
    • External Interface: External
    • Interface IP Address: Primary Interface IP Address


  • Remote Gateway
    • Static IP Address and enter your gateway IP.
    • Select By IP Address and enter your gateway IP.

  • Advanced
    • Select Specify a different pre-shared key for each gateway endpoint and enter the Shared Secret.

Leave the rest of the fields with the default values.


8. Go to the Phase 1 Settings tab and fill in the following information:

  • Version: IKEv1
  • Mode: Main
  • NAT Traversal: Tick; Keep-alive Interval: 20 seconds
  • IKE Keep-alive: Tick; Message Interval: 30 seconds; Max failures: 5
  • Dead Peer Detection (RFC3706): Tick; Traffic idle timeout: 20 seconds; Max retries: 5

9. Go to the Transform Settings and select ADD. Fill in the following information:

  • Authentication: SHA2-256
  • Encryption: AES(256-bit)
  • SA Life: 24 hours
  • Key Group: Diffie-Hellman Group 2 

10. Go back to the Branch Office VPN page. Under Tunnel select ADD.

  • Name: Fill in an indicative name of your choice.
  • Gateway: Choose the gateway that you have just created.

11. Go to the Addresses tab and select ADD.

  • Local IP: Any (
  • Remote IP: Network IPv4; (or the customized subnet you entered while creating your Perimeter 81 network).
  • Direction: bi-directional

Leave the rest of the fields with default values (including the NAT tab)



12. Go to the Phase 2 Settings:

13. Check Enable Perfect Forward Secrecy and select Diffie-Hellman Group 2.

14. Under IPSec Proposals choose ESP-AES256-SHA256 then select ADD.

15. Select Save (no need to customize the settings in the Multicast Settings tab).

Make sure the Tunnel is Up

1. At the Fireware Web UI, go to System Status -> VPN Statistics --> Branch Office VPN. If the tunnel is active, the line will appear at the table as shown below:


If you experience a different result, make sure you carefully went through all the steps; however, in case the issue persists please contact our support team.

0 out of 0 found this helpful



Please sign in to leave a comment.