Follow these steps for each NGFW Engine that is used as a VPN gateway.
For more details about the product and how to configure features, click Help or
press F1.
Steps
- Right-click the Firewall element, then select Edit Single Firewall or Edit Firewall Cluster.
- Browse to .
- (Optional) Change the selection of IP addresses that you want to use as endpoints in VPNs.
  - Typically, these are IP addresses that belong to interfaces toward the Internet, which are automatically selected based on the firewall’s default routing table.
  - If loopback IP addresses are defined for the NGFW Engine, you can select a loopback IP address as the endpoint IP address. On clustered firewalls, the IP addresses are CVIs.
  - (Optional) If you have more than one Internet connection, select an IP address from each ISP.
- In the navigation pane on the left, browse to .
  The Sites represent the addresses that are routable through the VPN. Sites do not grant any host access directly. The Access rules define the allowed connections.
- (Optional) Select the internal networks that you want to exclude from the VPN by disabling the interface they are under in the automatic site. Disabled interfaces are grayed-out.
  - If you want to include some individual network that is under an otherwise disabled interface, drag and drop it from under the disabled interface onto the Site element. The element is copied to the higher level. The copied definition is not updated automatically.
  - The Sites must include only internal networks. Do not add interfaces with the Any Network element in this type of VPN.
- Click Save.
Next steps
Create a Policy-Based VPN element.