Configure the firewall's VPN settings for configuration 3

You must create Gateway elements for the configuration.

  For more details about the product and how to configure features, click Help or press F1.


  1. Right-click the firewall element, then select Edit Single Firewall or Edit Firewall Cluster.
  2. In the navigation pane on the left, browse to VPN > Certificates.
    The Certificates pane opens on the right.
  3. Make sure that Automated RSA Certificate Management is selected.
    The gateway must have a certificate for a mobile VPN.
  4. In the navigation pane on the left, browse to VPN > Sites. The Sites pane opens on the right. A Site element is displayed with each internal network interface on the engine as the content.
    The Sites represent the internal addresses that VPN clients can reach through the VPN. This definition alone does not grant access to any hosts. The Access rules define the allowed connections.
  5. Leave Add and update addresses based on routing selected.
    This option automatically updates this information based on routing changes. You can exclude some interfaces while keeping the others automatically updated.
  6. If you need to make changes in the Sites (add or remove destination addresses that VPN clients route through the VPN), see the topic about defining Site elements.
  7. Click Save.

Engine Editor – VPN – Certificates

Use this branch to change settings for automatic certificate management and trusted certificate authorities for VPNs.

Option Definition
Automated RSA Certificate Management When selected, RSA certificates are automatically created and renewed.
Note: Only the default certificate authority is used in automated RSA certificate management.
Trusted VPN Certificate Authorities Restricts which certificate authorities the VPN gateway trusts.
  • Trust all — The VPN gateway trusts all certificate authorities. This option is the default setting.
  • Trust only selected — The VPN gateway trusts only the certificate authorities that you select in the table.