WatchGuard-Timus IPsec Configuration

This article will help you establish a site-to-site IPsec connection between Timus Networks and a WatchGuard firewall.

WatchGuard Configuration for Timus:

  1. Go to VPN -> Branch Office VPN -> Add a Gateway.

 

  1. In the Gateway Name field, enter a name to identify the gateway (e.g., WatchGuard_TimusNetworks).
    Select Pre-Shared Key as the credential method.


     

  2. Still in the gateway page, click Add Gateway Endpoint.

 

  1. Configure the Gateway Endpoint settings as follows:

     

    Local Gateway:

 

       Remote Gateway:


Note: No configuration is required under Advanced Settings.

  1. Still in the gateway page, go to Phase 1 Settings and configure:
  • Version: IKEv2
  • NAT Traversal: Enabled
  • Dead Peer Detection: Enabled
  • Type: Traffic-Based 
  • Remove pre-defined Transform Settings
  • Add a new Transform Setting
  • Authentication: SHA1 or SHA-256
  • Encryption: AES 256-bit
  • Key Group (default): Diffie-Hellman Group 14
  • SA Lifetime: 28800 seconds (8 hours) (Note: SA lifetime settings may not be visible in all configuration screens and can be applied via default VPN proposal settings depending on the Firebox configuration.)

  1. Save all settings added in gateway configuration.
     
  2. Still in the Branch Office VPN page, add a Tunnel

 

  1. Configure the Tunnel.
  • Name: Name your tunnel for proper identification (e.g., WG_Timus).
  • Gateway: Select the gateway for this tunnel to use. In our example, this is the gateway defined during gateway setup: WatchGuard_TimusNetworks.

  1. Go to the Addresses tab, click Add to configure tunnel routes.

Local IP:

  • Type: Network IPv4
  • Network IP: Your local subnet/24

Remote IP:

  • Type: Network IPv4
  • Network IP: Timus subnet/24
  • Direction: bi-directional
  • Disable broadcast routing over the tunnel

                                                                 

  1. Configure Phase 2 Settings
  • Enable Perfect Forward Secrecy -> Diffie-Hellman Group 14
  • Add IPsec Proposals -> ESP-AES256-SHA256
  • SA Lifetime: 3600 seconds (1 hour) (Note: SA lifetime settings may not be visible in all configuration screens and can be applied via default VPN proposal settings depending on the Firebox configuration.)

Note: No configuration is required under Multicast Settings.

 

 

Timus Configuration for WatchGuard:

  1. Go to the Timus Manager -> Sites -> Create New
  • Please note that you need to have a gateway to be able to create an IPsec tunnel (Connector).

  1. After clicking on Create New, select Connector on top and enter an IPsec tunnel name, which is required.

  1. Set Parameters as shown in the below example.

  1. Set Miscellaneous settings

  • Enabling Dead Peer Detection is highly recommended so that if the IPsec tunnel goes down for any reason, it automatically re-establishes the connection.
  • Make sure to hit Save after configuring the details.
     
  1. After saving, expand the gateway by clicking the down arrow. Then click the 3 dots at the end of the row. After that, select View to add or edit the Phase 2 configuration.

  1. Click Create New Tunnel. This is the Phase 2 configuration of your IPsec.

  1. Configure Phase 2.

Local Network: Defines the internal networks that are allowed to send traffic through the IPsec tunnel.

  • Under Source, select a type:
    • Network for subnet-based entries (e.g., 192.168.249.0/24)
    • IP Address for single hosts (e.g., 192.168.249.75)

Remote Network: Defines the destination network at the remote end of the tunnel.

  • Select IP Address and choose or enter the subnet or host (e.g., 192.168.10.0/24 or 10.10.10.10/32).
  • Click Add to confirm the entry.

  1. Click Save after adding the configuration, then wait a few minutes for the IPsec tunnel to come online.
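If the tunnel does not come online, the usual cause is a parameter that differs between the two peers or tunnel routes that are not mirrored. The following check is an added example, not part of the original article or of either vendor's tooling; the dictionary keys and function names are hypothetical, the subnets are the article's example values, and it assumes the Timus connector is set to the same Phase 1 and Phase 2 values listed above for the WatchGuard side.

```python
import ipaddress

# Values listed above for the WatchGuard side; Timus is assumed to match them.
EXPECTED = {
    "ike_version": "IKEv2",
    "p1_encryption": "AES256",
    "p1_dh_group": 14,
    "p1_lifetime_s": 28800,
    "p2_proposal": "ESP-AES256-SHA256",
    "p2_pfs_group": 14,
    "p2_lifetime_s": 3600,
}
P1_AUTH_OPTIONS = ("SHA1", "SHA-256")  # the article allows either

def _nets(cfg, key):
    return {ipaddress.ip_network(n) for n in cfg[key]}  # rejects host bits

def check_tunnel(watchguard, timus):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    sides = (("watchguard", watchguard), ("timus", timus))
    for key, want in EXPECTED.items():
        for name, cfg in sides:
            if cfg.get(key) != want:
                findings.append(f"{name}: {key} is {cfg.get(key)!r}, expected {want!r}")
    for name, cfg in sides:
        if cfg.get("p1_auth") not in P1_AUTH_OPTIONS:
            findings.append(f"{name}: p1_auth is {cfg.get('p1_auth')!r}")
    if watchguard.get("p1_auth") != timus.get("p1_auth"):
        findings.append("p1_auth differs between the two peers")
    try:
        wg_l, wg_r = _nets(watchguard, "local"), _nets(watchguard, "remote")
        ti_l, ti_r = _nets(timus, "local"), _nets(timus, "remote")
    except ValueError as exc:
        return findings + [f"invalid subnet: {exc}"]
    # Tunnel routes must mirror: one peer's local is the other's remote.
    if wg_l != ti_r or wg_r != ti_l:
        findings.append("tunnel routes are not mirrored between the peers")
    if any(a.overlaps(b) for a in wg_l for b in wg_r):
        findings.append("local and remote subnets overlap")
    return findings

# Constructed sample built from the article's example subnets.
COMMON = dict(EXPECTED, p1_auth="SHA-256")
WATCHGUARD = dict(COMMON, local=["192.168.10.0/24"], remote=["192.168.249.0/24"])
TIMUS = dict(COMMON, local=["192.168.249.0/24"], remote=["192.168.10.0/24"])

if __name__ == "__main__":
    print(check_tunnel(WATCHGUARD, TIMUS) or "no mismatches")
```

Fill the two dictionaries from what each management console actually shows, then work through any findings before retrying the tunnel.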
