Example VPN configuration 4: define a Site element for the hub gateway

The VPN Gateway that acts as the hub gateway needs a Site element.

Note: This configuration scenario does not explain all settings related to Site elements.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the VPN Gateway that acts as the hub gateway, then select New > Site.
  2. In the Name field, enter a unique name.
  3. Add all networks protected by the spoke gateways to the site contents on the right.
    After you add the protected networks, the site contains all remote IP addresses that are used in spoke-to-hub traffic that is forwarded from the hub to other spokes. The site should not contain the hub gateway’s local networks. These are defined using the automatic site management features in this example.
  4. On the VPN References tab, select Enable for this VPN element, then deselect it for all other VPNs.
    The site is still shown in all VPNs, but is grayed-out (disabled) and not included in the configuration.
  5. In the Mode cell, select Hub to activate VPN hub-related features for the VPN Gateway.
  6. Click OK to close the dialog box.
    You return to the main VPN editing view.
  7. Click the Tunnels tab.
  8. Check that the Validity column in the Gateway<->Gateway and the End-Point<->End-Point tables has a green checkmark to indicate that there are no problems.
    1. If the Validity column of a tunnel has a warning icon, see the Issues pane to check what the problem is. If the pane is not shown, select Menu > View > Panels > Issues.
    2. If issues are shown, correct them as indicated. Long issues are easiest to read by hovering over the issue text so that the text is shown as a tooltip.
  9. Click Save.

Next steps

Create Access rules.