Build a VPN from a Watchguard to Google Cloud Platform

Build a VPN from a Watchguard to Google Cloud Platform

Configure VPN in Google Cloud Platform

At first we want to configure the VPN in the Google Cloud Platform.
You can find the VPN setting in the compute / network section.

Google Compute Engine-VPN-Gateway

It’s easy to create a site-2-site to a watchguard. All you need is

  1. Name for the Gateway
  2. a local network
  3. the region
  4. and a static ip


You can create one or more tunnel per gateway.

The following information is required:

  1. Remote IP (IP Address of the WAN interface)
  2. IKE Version (since Fireware 11.11.2 Watchguard support IKEv2)
  3. Shared Secret
  4. Remote network (e.g.
  5. Local network (Chose one of your gce networks e.g.

Well done, we’ve create the VPN at the first site. Time to configure the watchguard.


Configure the Watchguard

You can use the webinterface or the watchguard system manager to configure a branch office vpn. I prefer the system manager. So we start with the system manager.

Watchguard System Manager

You can download the latest version on

Branch Office Gateway

Open the Policy Manager and create a Branch Office Gateway.

What you need:

  1. Pre-SharedKey
  2. Local Gateway IP Address
  3. Remote Gateway IP
  4. Gateway ID for tunnel authentication (is the remote IP)

For further information about the supported IKE ciphers pelase see the google compute engine documentation 

Branch Office Tunnel

Tags: , , , , , ,

One Comment to "Build a VPN from a Watchguard to Google Cloud Platform"

  1. sagt:

    Thanks for finally talking about >Build a VPN from a Watchguard
    to Google Cloud Platform – querblick IT <Loved it!

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Nerd Shirt - T-Shirts für IT'ler, Admins und Programierer