Configure the firewall's VPN settings for configuration 2

If you have already configured VPN settings for the firewall engine, there is no need to change any of the settings.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Firewall element, then select Edit Single Firewall or Edit Firewall Cluster.
  2. If the firewall has a dynamic IP address on an interface that faces the Internet, configure the Phase 1 ID value.
    1. In the navigation pane on the left, browse to VPN > End-Points.
    2. Double-click the endpoint in the table.
    3. In the Phase 1 ID section at the bottom of the dialog box, change the ID Type to E-mail.
    4. Type an email address in the ID value field, then click OK. This email address can be any address that is not used as an ID in any of your other endpoints.
      The address entered here is used only for identification, not for sending email.
  3. In the navigation pane on the left, browse to VPN > Sites.
    • The Sites represent the addresses that are routable through the VPN. Sites do not grant any host access directly. The Access rules define the allowed connections.
    • Leave the Add and update addresses based on routing option selected. This option automatically updates this information based on routing changes. You can exclude some interfaces while keeping the others automatically updated as explained in the next step.
  4. (Optional) Select the internal networks that you want to exclude from the VPN by disabling the interface they are under in the automatic site. Disabled interfaces are grayed out.
    • If you want to include some individual network that is under an otherwise disabled interface, drag and drop it from under the disabled interface onto the Site element. The element is copied to the higher level. The copied definition is not updated automatically.
    • The Sites must include only internal networks. Do not add interfaces with the Any Network element to this type of VPN.
  5. To use NAT to translate the IP addresses of the hosts that make connections through this VPN, drag and drop the networks for the translated addresses on top of the (top-level) automatic Site element on the right.
  6. Click Save.
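
The rules in steps 2 to 4 can be checked against a list of the endpoint and Site definitions before the policy is installed. The following Python check is an added example, not part of the product or its documentation. The dictionary layout, the sample values, the case-insensitive ID comparison, and the operator-supplied list of internal ranges are all assumptions.

```python
import ipaddress

# Constructed sample data; this layout is hypothetical, not an SMC export format.
ENDPOINTS = [
    {"name": "fw-branch", "dynamic_ip": True, "id_type": "E-mail", "id_value": "branch@vpn.example"},
    {"name": "fw-kiosk", "dynamic_ip": True, "id_type": "unset", "id_value": ""},
    {"name": "fw-lab", "dynamic_ip": True, "id_type": "E-mail", "id_value": "Branch@vpn.example"},
]
INTERNAL = ["10.0.0.0/8", "192.168.0.0/16"]  # ranges the operator declares as internal
SITES = {"fw-branch": ["10.1.0.0/16", "0.0.0.0/0"], "fw-lab": ["192.168.50.0/24", "172.16.9.0/24"]}

def audit_phase1_ids(endpoints):
    """Step 2: dynamic-IP endpoints need an E-mail Phase 1 ID that no other endpoint uses."""
    findings, seen = [], {}
    for ep in endpoints:
        if ep["dynamic_ip"] and ep["id_type"] != "E-mail":
            findings.append((ep["name"], "dynamic IP without an E-mail Phase 1 ID"))
            continue
        value = ep["id_value"].strip().lower()  # assumption: IDs compared case-insensitively
        if not value:
            continue
        if value in seen:
            findings.append((ep["name"], "ID value already used by " + seen[value]))
        else:
            seen[value] = ep["name"]
    return findings

def audit_sites(sites, internal):
    """Steps 3-4: Sites hold only internal networks and never the Any Network element."""
    allowed = [ipaddress.ip_network(c) for c in internal]
    findings = []
    for fw, cidrs in sites.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append((fw, cidr, "Any Network in a Site"))
            elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((fw, cidr, "outside the declared internal ranges"))
    return findings

if __name__ == "__main__":
    for finding in audit_phase1_ids(ENDPOINTS) + audit_sites(SITES, INTERNAL):
        print(*finding, sep=": ")
```

A network flagged as outside the internal ranges may be a translated address range added in step 5; confirm it against the NAT rules rather than removing it outright.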