Create an External VPN Gateway element for configuration 2

You need an External VPN Gateway element for this configuration.

Note: This basic configuration scenario does not explain all settings related to External VPN Gateway elements.

  For more details about the product and how to configure features, click Help or press F1.


  1. Select Configuration, then browse to SD-WAN.
  2. Right-click Gateways in the element tree, then select New External VPN Gateway.
  3. In the Name field, enter a unique name.
  4. Click Select for Gateway Profile, then select one of the following profiles:
    • Select the Default (All Capabilities) profile for third-party gateways.
    • Select the appropriate version-specific profile for Forcepoint NGFW Firewalls managed by a different Management Server.
  5. Click the Endpoints tab.
  6. Click Add.
  7. Define the IP address for the endpoint:
    • If the endpoint has a static (manually defined) IP address, enter in the IPv4 Address.
    • If the endpoint has a dynamic (DHCP-assigned) IP address, select Dynamic.
  8. If the external gateway has a dynamic IP address:
    1. In the Phase 1 ID section at the bottom of the dialog box, change the ID Type to E-mail.
    2. Enter an email address in the ID value field.
      This email address can be any address that is not used as an ID in any of your other endpoints. The address entered here is used only as an identification, not for actually sending email.
    3. Click OK.
    Note: Make sure that the ID Type and ID Value match the identity configured on the external gateway device. If the device has a static IP address, make sure that the device uses it as its identity in this VPN or change the External VPN Gateway element configuration.
  9. Leave the properties dialog box open.