Define endpoints for External VPN Gateways
Each endpoint is dedicated for one External VPN Gateway element.
Before you begin
You must have an External VPN Gateway element.
For more details about the product and how to configure features, click Help or press F1.
Steps
External Endpoint Properties dialog box
Use this dialog box to define the properties of an External Endpoint in an IPsec VPN.
Option | Definition |
---|---|
Name | Specifies a unique name for the element. |
IP Address | If the endpoint has a static (manually defined) IP address, enter the IP address. This IP address must be the IP address that is configured for the external device in its configuration. |
Dynamic | If the endpoint has a dynamic (DHCP-assigned) IP address, select this option. |
Mode | Defines how the system treats the endpoint in a Gateway with multiple endpoints. This option is a default setting for the tunnels that are generated for VPNs that use this Gateway. You can override the Mode setting in each VPN.
|
NAT-T | Activates encapsulation for NAT traversal in VPNs, which might be needed to traverse a NAT device at the local or at the remote gateway end.
|
Use UDP encapsulation | This option is included for backward compatibility with legacy Forcepoint NGFW software versions. Selecting this option has no effect on Forcepoint NGFW version 5.9.0 or later. |
Contact Addresses | |
Default | Used by default whenever a component that belongs to another Location connects to this endpoint. |
Dynamic | Select when the endpoint has a dynamic Default contact address. |
Phase-1 ID | |
ID Type | Identifies the gateway during the IKE phase-1 negotiations.
|
Exceptions | Adds VPN-specific exceptions for the Phase-1 ID. Opens the Exceptions dialog box. |
ID Value | Specifies the details of the ID Type. |