Site elements allow you to adjust how the Site is used in each VPN.
Before you begin
You must have manually added Site elements to External VPN Gateways.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Select Configuration, then browse to SD-WAN.
-
Browse to VPN Gateways.
-
Expand the gateway, right-click a manually added Site, then select Properties.
-
On the VPN References tab, select or deselect Enable for the existing VPNs shown in the table to include or exclude the Site from the
configuration.
When a Site is disabled, it is grayed out.
You can disable a Site that contains translated address in VPNs in which NAT is not used, or in which a different address space is used for translation.
-
In the Mode cell, select the mode for the Site for each VPN in which it is enabled.
- Normal mode is the default. Use this mode for all active Site elements that do not require one of the other two modes.
- Hub mode is used on a hub gateway in tunnel-to-tunnel forwarding. Hub mode Sites contain the IP addresses of the networks that are behind the remote
spoke gateways (the networks between which the hub gateway forwards traffic). The automatically generated Site cannot be used as a Hub Site.
- (VPN Gateways on NGFW Engines only) Private mode is used for the local untranslated addresses when
addresses are translated using NAT in the VPN. You must include the translated IP addresses (the addresses that the other end sees) as a Normal-mode Site element in these types
of VPNs. If NAT is disabled in the VPN, any Sites in the Private mode are ignored.