Configuration 1: Basic VPN between NGFW Engines

This basic configuration scenario walks you through creating a policy-based VPN between two or more NGFW Engines managed through the same SMC.

This example VPN requires all firewalls to have a fixed IP address (not DHCP- or PPPoE-assigned).

The address spaces protected by the different NGFW Engines that act as gateways must not overlap within any single VPN. If you use the same IP addresses at the different locations, you must apply NAT to the communications. You must also define the sites using the translated IP addresses (the addresses that are used inside the VPN tunnels).
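The overlap rule above can be checked before the sites are defined. The following is an added example, not part of the product documentation; the gateway names and address ranges are constructed, and it assumes you have listed each gateway's site networks as they appear inside the VPN tunnels.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: site networks per gateway (hypothetical names and ranges).
SITES = {
    "HQ-Engine": ["10.1.0.0/16", "192.168.10.0/24"],
    "Branch-A-Engine": ["10.2.0.0/16"],
    "Branch-B-Engine": ["10.1.20.0/24"],  # reuses part of the HQ range
}

# Same topology, but Branch-B's site is defined with the translated (NAT)
# range that is used inside the tunnels instead of its local range.
SITES_TRANSLATED = dict(SITES, **{"Branch-B-Engine": ["10.3.20.0/24"]})


def find_overlaps(sites):
    """Return (gw_a, net_a, gw_b, net_b) for every pair of site networks
    on different gateways whose address spaces overlap."""
    # strict=True rejects entries with host bits set (e.g. 10.1.20.5/24).
    parsed = {
        gw: [ipaddress.ip_network(n, strict=True) for n in nets]
        for gw, nets in sites.items()
    }
    conflicts = []
    for (gw_a, nets_a), (gw_b, nets_b) in combinations(sorted(parsed.items()), 2):
        for a in nets_a:
            for b in nets_b:
                # IPv4 and IPv6 ranges can never overlap each other.
                if a.version == b.version and a.overlaps(b):
                    conflicts.append((gw_a, str(a), gw_b, str(b)))
    return conflicts


if __name__ == "__main__":
    for label, sites in (("local ranges", SITES), ("translated ranges", SITES_TRANSLATED)):
        conflicts = find_overlaps(sites)
        print(f"{label}: {len(conflicts)} overlap(s)")
        for gw_a, net_a, gw_b, net_b in conflicts:
            print(f"  {gw_a} {net_a} overlaps {gw_b} {net_b}")
```
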

This scenario uses the default VPN-A Suite VPN profile that contains the VPN settings specified for the VPN-A cryptographic suite in RFC 4308. The profile uses pre-shared keys for authentication.