Defining VPN gateways

VPN Gateway and External VPN Gateway elements represent the physical devices that establish the VPN in the configuration.

VPN Gateway elements represent NGFW Engines that are managed by the Management Server (and administrative Domain) you are currently connected to with your Management Client. One VPN Gateway element is automatically created for each Forcepoint NGFW in the Firewall/VPN role. You can optionally add more VPN Gateways to the Firewall.

All other gateway devices are represented by External VPN Gateway elements. NGFW Engines that are managed by a different Management Server (or administrative Domain) are also External VPN Gateways. External VPN Gateway elements define settings for the external gateway devices in their role as VPN gateways.

Only one VPN Gateway or External VPN Gateway element per device is needed, even if there are many VPNs. You can use the same Gateway in several different VPNs, possibly overriding some of the Gateway’s settings as necessary. You can create several Gateway elements to represent the same Firewall. However, each Gateway element reserves a VPN endpoint (IP address) that other Gateway elements cannot use. If you use the same Gateway element in both policy-based and route-based VPNs, you must define unique endpoints for each type of VPN.

The predefined VPN Client element represents all instances of the Stonesoft VPN Client and third-party IPsec VPN clients in mobile VPNs. When you set up a mobile VPN with the Stonesoft VPN Client, the VPN Client element must always be used. Usually, we recommend using the VPN Client element with third-party VPN clients as well. However, it is possible to configure an individual third-party VPN client using an External VPN Gateway element if there is a specific need to do so. In this configuration, only one client at a time can connect to each gateway.