Adjust VPN-specific Site settings

Site elements allow you to adjust how the Site is used in each VPN.

Before you begin

You must have manually added Site elements to VPN Gateways or External VPN Gateways.

Note: To adjust settings for the automatic sites for VPN Gateway elements that represent NGFW Engines, use the Engine Editor.


Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Gateways.
  3. Expand the gateway, right-click a manually added Site, then select Properties.
  4. Click the VPN References tab.
  5. In the table, select or deselect the Enable option for each existing VPN displayed to include the Site in, or exclude it from, the configuration.
    When a Site is disabled, it is grayed out.
    You can disable a Site that contains translated addresses in VPNs in which NAT is not used, or in which a different address space is used for translation.
  6. Select the Mode for the Site for each VPN in which it is enabled.
    • Normal mode is the default. Use this mode for all active Site elements that do not require one of the other two modes.
    • Hub mode is used on a hub gateway in tunnel-to-tunnel forwarding. Hub mode Sites contain the IP addresses of the networks that are behind the remote spoke gateways (the networks between which the hub gateway forwards traffic). The automatically generated Site cannot be used as a Hub Site.
    • (VPN Gateways on NGFW Engines only) Private mode is used for the local untranslated addresses when addresses are translated using NAT in the VPN. You must include the translated IP addresses (the addresses that the other end sees) as a Normal-mode Site element in these types of VPNs. If NAT is disabled in the VPN, any Sites in the Private mode are ignored.
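The mode rules in step 6 can be checked against a planned configuration before it is entered in the VPN References tab. The following is an added example, not code from the product or its API: the `SiteRef` model, the `check_site_refs` function and all gateway, Site and VPN names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class SiteRef:
    """One row of a Site's VPN References tab (hypothetical model, not an SMC API)."""
    gateway: str
    site: str
    vpn: str
    mode: str                 # "Normal", "Hub" or "Private"
    enabled: bool = True      # the Enable option from step 5
    automatic: bool = False   # automatically generated Site
    external: bool = False    # Site of an External VPN Gateway

def check_site_refs(refs, vpn_nat):
    """Return findings for the mode rules; vpn_nat maps VPN name -> NAT in use."""
    active = [r for r in refs if r.enabled]   # disabled Sites are out of the VPN
    findings = []
    for r in active:
        where = f"{r.gateway}/{r.site} in {r.vpn}"
        if r.mode == "Hub" and r.automatic:
            findings.append(f"ERROR {where}: automatic Site cannot be a Hub Site")
        if r.mode != "Private":
            continue
        if r.external:
            findings.append(f"ERROR {where}: Private mode needs a VPN Gateway on an NGFW Engine")
        elif not vpn_nat.get(r.vpn, False):
            findings.append(f"WARN {where}: NAT is disabled, Private Site is ignored")
        elif not any(o.mode == "Normal" and (o.gateway, o.vpn) == (r.gateway, r.vpn)
                     for o in active):
            findings.append(f"ERROR {where}: no Normal-mode Site for the translated addresses")
    return findings

# Constructed sample data: gateway, Site and VPN names are made up.
SAMPLE_NAT = {"vpn-branch": False, "vpn-partner": True}
SAMPLE_REFS = [
    SiteRef("hq-fw", "hq-auto", "vpn-branch", "Hub", automatic=True),
    SiteRef("hq-fw", "hq-lan", "vpn-branch", "Private"),
    SiteRef("hq-fw", "hq-lan", "vpn-partner", "Private"),
    SiteRef("hq-fw", "hq-nat", "vpn-partner", "Normal", enabled=False),
    SiteRef("partner-gw", "partner-net", "vpn-partner", "Private", external=True),
]

if __name__ == "__main__":
    for line in check_site_refs(SAMPLE_REFS, SAMPLE_NAT):
        print(line)
```

In the sample, the Normal-mode Site `hq-nat` is disabled, so the Private Site in `vpn-partner` has no enabled counterpart carrying the translated addresses; enabling it clears that finding.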

VPN Site Properties dialog box

Use this dialog box to view the properties of the VPN Client Site.

Option | Definition
Name | Specifies the unique name of the element.
Comment | Shows a comment for the element.
Search | Opens a search field for the selected element list.
Up (Backspace) | Returns to the previous folder.
New | This option is not available in this dialog box.
Tools |
  • Show Deleted Elements — Shows elements that have been moved to the Trash.
  • Expand All — Expands all levels of the interface tree.
  • Collapse All — Collapses all levels of the interface tree.
  • Refresh View — Updates the view.

Engine Editor – VPN – Sites

Use this branch to select the protected IP addresses that are behind the gateway.

Option | Definition
Add and update IP addresses based on routing | When selected, the site content updates automatically according to changes made in the routing configuration for the engine (for interfaces that are not disabled).
Note: When the option is not selected, you must manually define the addresses that you want to be routable through the VPN.
Search | Opens a search field for the selected list.
Up | Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
Tools |
  • New — Creates an element of the specified type.
  • Show Deleted Elements — Shows elements that have been moved to the Trash.
Left pane | Shows elements that you can add to the site definition.
Add | Adds the selected element to the site content.
Remove | Removes the selected element from the site content.
Search | Opens a search field for the selected element list.
Up | Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
New | Creates an element of the specified type.
Tools |
  • Expand All — Expands all levels of the status tree.
  • Collapse All — Collapses all levels of the status tree.
  • Refresh View — Updates the view.
Right pane | Allows you to change the IP addresses that are included in the site definition.