Adjust VPN-specific Site settings for External VPN Gateways

Site elements allow you to adjust how the Site is used in each VPN.

Before you begin

You must have manually added Site elements to External VPN Gateways.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to VPN Gateways.
  3. Expand the gateway, right-click a manually added Site, then select Properties.
  4. On the VPN References tab, select or deselect Enable for the existing VPNs shown in the table to include or exclude the Site from the configuration.
    When a Site is disabled, it is grayed out.
    You can disable a Site that contains translated addresses in VPNs in which NAT is not used, or in which a different address space is used for translation.
  5. In the Mode cell, select the mode for the Site for each VPN in which it is enabled.
    • Normal mode is the default. Use this mode for all active Site elements that do not require one of the other two modes.
    • Hub mode is used on a hub gateway in tunnel-to-tunnel forwarding. Hub mode Sites contain the IP addresses of the networks that are behind the remote spoke gateways (the networks between which the hub gateway forwards traffic). The automatically generated Site cannot be used as a Hub Site.
    • (VPN Gateways on NGFW Engines only) Private mode is used for the local untranslated addresses when addresses are translated using NAT in the VPN. You must include the translated IP addresses (the addresses that the other end sees) as a Normal-mode Site element in these types of VPNs. If NAT is disabled in the VPN, any Sites in the Private mode are ignored.
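
The mode rules in step 5 can be checked mechanically when reviewing a VPN configuration. The following Python check is an added example, not part of the product or its API; the SiteRef model, its field names and the sample VPNs are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class SiteRef:
    """One row of a Site's VPN References tab (hypothetical model, not an SMC API)."""
    site: str
    mode: str                     # "Normal", "Hub" or "Private"
    enabled: bool = True          # the Enable checkbox for this VPN
    auto_generated: bool = False  # True for the automatically generated Site

def check_vpn_sites(vpn, nat_enabled, refs):
    """Return findings for one VPN, based on the mode rules in step 5."""
    findings = []
    active = [r for r in refs if r.enabled]  # disabled Sites are excluded
    for r in active:
        if r.mode not in ("Normal", "Hub", "Private"):
            findings.append(f"{vpn}: {r.site}: unknown mode {r.mode!r}")
        if r.mode == "Hub" and r.auto_generated:
            findings.append(f"{vpn}: {r.site}: automatically generated Site cannot be a Hub Site")
        if r.mode == "Private" and not nat_enabled:
            findings.append(f"{vpn}: {r.site}: Private mode is ignored because NAT is disabled")
    has_private = any(r.mode == "Private" for r in active)
    has_normal = any(r.mode == "Normal" for r in active)
    if nat_enabled and has_private and not has_normal:
        findings.append(f"{vpn}: no Normal-mode Site carries the translated addresses")
    return findings

# Constructed sample data: VPN name -> (NAT enabled in the VPN, Site references)
SAMPLE = {
    "vpn-nat": (True, [SiteRef("branch-local", "Private")]),
    "vpn-plain": (False, [SiteRef("branch-local", "Private"),
                          SiteRef("branch-nat", "Normal", enabled=False)]),
    "vpn-hub": (False, [SiteRef("Automatic Site", "Hub", auto_generated=True),
                        SiteRef("spoke-networks", "Hub")]),
    "vpn-ok": (True, [SiteRef("branch-local", "Private"),
                      SiteRef("branch-nat", "Normal")]),
}

def audit(sample=SAMPLE):
    """Run the check over every VPN in the sample and collect the findings."""
    return {vpn: check_vpn_sites(vpn, nat, refs) for vpn, (nat, refs) in sample.items()}

if __name__ == "__main__":
    for vpn, findings in audit().items():
        for line in findings or [f"{vpn}: ok"]:
            print(line)
```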

External VPN Gateway Properties dialog box

Use this dialog box to define the properties of an External VPN Gateway element.

General tab

Option | Definition
Name | Specifies the unique name of the element.
Gateway Profile | Shows the selected gateway profile.
Select | Opens the Select Element dialog box.
Category | Shows the assigned category.
Select | Opens the Category Selection dialog box.
Comment | An optional comment for your own reference.

Endpoints tab

Option | Definition
Search | Opens a search field. Enter a search parameter to locate an endpoint. Clicking X removes the search field.
New External Endpoint | Adds an external endpoint IP address. Opens the External Endpoint Properties dialog box.
Tools |
  • Expand All — Expands all elements.
  • Collapse All — Collapses all elements.
  • Refresh View — Updates the element list.
  • Remove — Removes the selected row from the table.
Add | Opens the External Endpoint Properties dialog box.
Edit | Opens the External Endpoint Properties dialog box for the selected endpoint.
Remove | Removes the selected endpoint from the list.

Sites tab

Option | Definition
Search | Opens a search field for the selected element list.
Up (Backspace) | Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
Tools |
  • New — Creates an element of the specified type.
  • Show Deleted Elements — Shows elements that have been moved to the Trash.
Add | Adds the selected element to the content list.
Remove | Removes the selected element from the content list.
Content | Shows the selected elements.

Trusted CAs tab

Option | Definition
Trust All | The gateway accepts any valid CA that is configured, unless restricted in the VPN element.
Trust only selected | Only selected CAs are accepted. Select the CAs that the Gateway must trust.