Create a Policy-Based VPN element

The configuration of a Policy-Based VPN element has two stages: first you define some basic properties for the element, then you can add gateways and adjust the tunnels.

  For more details about the product and how to configure features, click Help or press F1.


  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Policy-Based VPNs.
  3. Right-click Policy-Based VPNs, then select New Policy-Based VPN.
  4. Configure the settings.
  5. Click OK.
    The Policy-Based VPN opens for editing.

Next steps

Define the VPN topology.

Policy-Based VPN Properties dialog box

Use this dialog box to change the properties of a policy-based VPN.

Option: Definition

Name: The name of the element.

Includes the element in predefined categories. Click Select to select a category.

A comment for your own reference.

Default VPN Profile: Specifies the Default VPN Profile for the VPN. By default, this profile is used for all tunnels, but you can override the selection for individual tunnels.

DSCP QoS Policy: Defines how DSCP matching or marking is done for VPN traffic in one of the following ways:
  • Select an existing QoS Policy from the list.
  • Select Select, then select an existing QoS Policy or click Tools > New to create a QoS Policy.

Apply NAT to traffic that uses this VPN: Select this option if you want the NAT rules in the Firewall Policy to apply to traffic that it sends into or receives from the VPN, or if you want to use the NAT Pool feature to translate VPN client connections. This option affects the traffic that is transported inside the tunnels. This option does not affect the tunnel negotiations or the encrypted packets between gateways. These communications are always matched to NAT rules.