Example VPN configuration 4: create a Policy-Based VPN element

You must add a VPN element for this configuration.

Note: This configuration scenario does not explain all settings related to Policy-Based VPN elements.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Right-click Policy-Based VPNs in the element tree, then select New Policy-Based VPN.
  3. In the Name field, enter a unique name.
  4. From the Default VPN Profile drop-down list, select Suite-B-GCM-128.
  5. If you want to apply NAT rules to the communications that go through the VPN, select Apply NAT to traffic that uses this VPN.
    This setting does not affect the communications that the two gateways have with each other to set up and maintain the VPN. Communications between the gateways are always matched to the automatic rules or the NAT rules.
  6. Click OK.
    The VPN Editing view opens on the Site-to-Site VPN tab.
  7. Drag and drop the firewall that acts as the hub gateway to Central Gateways.

    Figure: VPN editing view - Site-to-Site VPN tab

  8. Drag and drop the other firewalls on top of the hub gateway so that the firewalls are added as branches (spokes) under the hub gateway.
    Spoke gateways can be any other firewalls or External VPN Gateways.
  9. Click Save, but do not close the VPN Editing view.

Next steps

Define a Site element for the hub gateway.