Getting started with basic policy-based VPN configurations

You can use these examples when setting up your own policy-based VPNs and add other features after the basic scenario is configured and working.

Note: VPNs are not supported on Layer 2 Firewalls or on layer 2 physical interfaces on Firewalls.

The following basic configurations are explained:
  • Configuration 1 is for creating a site-to-site VPN between two or more NGFW Engines that are managed through the same Management Server. A default set of VPN settings is used to simplify the configuration.
  • Configuration 2 is for creating a site-to-site VPN between an NGFW Engine and an IPsec-compatible VPN gateway that is not managed through the same Management Server. A customized set of VPN settings is created. Customized settings are typically mandatory for this configuration. A pre-shared key is used for authentication.
  • Configuration 3 is for creating a mobile VPN between an NGFW Engine and the Stonesoft VPN Client installed on individual computers. A default set of VPN settings is used to simplify the configuration.
  • Configuration 4 is for creating a site-to-site VPN in which several remote gateways connect to a hub gateway. The hub gateway forwards connections to the other remote gateways as necessary. A default set of VPN settings is used to simplify the configuration.