Temporarily disable a VPN site in all VPNs

You can disable a site that has been manually added to the Gateway. The site is disabled globally in all VPNs.

To remove the automatic site from an NGFW Engine that acts as a VPN Gateway, disable automatic VPN site management. There must be at least one enabled site.


Steps

  1. Select Configuration.
  2. Open the list of sites for the gateway in one of the following ways:
    • Right-click an NGFW Engine, select Edit <element type>, then browse to VPN > Sites.
    • Browse to SD-WAN > VPN Gateways, double-click the External VPN Gateway element, then click the Sites tab.
  3. Right-click the site, then select Properties.
  4. On the VPN References tab, deselect the Enable cell.
  5. Click OK.
  6. Save the changes in one of the following ways:
    • In the Engine Editor, click Save and Refresh.
    • In the External VPN Gateway Properties dialog box, click OK.

Next steps

If you edited a previously configured VPN, refresh the policy on all affected gateways to transfer the changes. The configurations of external gateways might also require an update.

VPN Site Properties dialog box

Use this dialog box to view or edit the properties of a VPN site.

Option | Definition

General tab

Name | The name of the element.
Comment | An optional comment for your own reference.
Search | Opens a search field for the selected element list.
Up (Backspace) | Returns to the previous folder.
New | This option is not available in this dialog box.
Tools |
  • Show Deleted Elements — Shows elements that have been moved to the Trash.
  • Expand All — Expands all levels of the interface tree.
  • Collapse All — Collapses all levels of the interface tree.
  • Refresh View — Updates the view.

VPN References tab

VPN | Shows the VPNs where this site is used.
Enable | When selected, the site is enabled in the specified VPN.
Mode | Defines the mode for the Site for each VPN in which it is enabled.
  • Normal — Use this mode for all active Site elements that do not require one of the other two modes.
  • Private — (VPN Gateways on NGFW Engines only) Use this mode for the local untranslated addresses when addresses are translated using NAT in the VPN. You must include the translated IP addresses (the addresses that the other end sees) as a Normal-mode Site element in these types of VPNs. If NAT is disabled in the VPN, any Sites in the Private mode are ignored.
  • Hub — Use this mode on a hub gateway in tunnel-to-tunnel forwarding. Hub mode Sites contain the IP addresses of the networks that are behind the remote spoke gateways (the networks between which the hub gateway forwards traffic). The automatically generated Site cannot be used as a Hub Site.
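The Enable and Mode rules above can be checked before a site is disabled. The following is an added example, not part of the product or its documentation: the SiteRef record, the function names and the sample data are hypothetical, and it assumes the "at least one enabled site" rule applies per gateway.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SiteRef:
    """One row of a site's VPN References tab (hypothetical export format)."""
    site: str
    vpn: str
    enabled: bool
    mode: str                # "Normal", "Private" or "Hub"
    automatic: bool = False  # True for the automatically generated site

def disable_everywhere(refs, site):
    """Model the procedure: clear the Enable cell for `site` in all VPNs."""
    return [replace(r, enabled=False) if r.site == site else r for r in refs]

def lint_gateway(refs, nat_enabled, on_ngfw_engine=True):
    """Return findings for one gateway; nat_enabled maps VPN name -> bool."""
    findings = []
    active = [r for r in refs if r.enabled]
    if not active:  # assumption: the "at least one enabled site" rule is per gateway
        findings.append("no enabled site left on the gateway")
    for r in active:
        where = f"{r.site} in {r.vpn}"
        if r.mode == "Hub" and r.automatic:
            findings.append(f"{where}: automatic site cannot be a Hub site")
        if r.mode != "Private":
            continue
        if not on_ngfw_engine:
            findings.append(f"{where}: Private mode is for NGFW Engine gateways only")
        elif not nat_enabled.get(r.vpn, False):
            findings.append(f"{where}: Private site is ignored, NAT is disabled")
        elif not any(o.vpn == r.vpn and o.mode == "Normal" for o in active):
            # Only checks that a Normal-mode site exists, not its addresses.
            findings.append(f"{where}: no enabled Normal site for translated addresses")
    return findings

# Constructed sample: one gateway, two VPNs.
SAMPLE = [
    SiteRef("branch-translated", "vpn-a", True, "Normal"),
    SiteRef("branch-local", "vpn-a", True, "Private"),
    SiteRef("spoke-nets", "vpn-b", True, "Hub"),
]
NAT = {"vpn-a": True, "vpn-b": False}

if __name__ == "__main__":
    for finding in lint_gateway(disable_everywhere(SAMPLE, "branch-translated"), NAT):
        print(finding)
```

With the constructed sample, disabling branch-translated leaves the Private site branch-local without a Normal-mode counterpart in vpn-a, which is the one finding reported.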