Configure certificates and sites for the mobile VPN.
Before you begin
The
NGFW Engine must have a certificate for a mobile VPN. You can check the gateway certificates in the branch of the
Configuration view.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click the firewall element, then select Edit Single Firewall or Edit Firewall Cluster.
-
In the navigation pane on the left, browse to .
-
Make sure that Automated RSA Certificate Management is selected.
-
In the navigation pane on the left, browse to .
The Sites represent the internal addresses that VPN clients can reach through the VPN. Sites do not grant any host access directly. The Access rules define the allowed
connections.
-
(Optional) Leave Add and update addresses based on routing selected.
This option automatically updates this information based on routing changes. You can exclude some interfaces while keeping the others automatically updated.
-
(Optional) Select the internal networks that you want to exclude from the VPN by disabling the interface they are under in the automatic site.
Disabled interfaces are grayed-out.
- If you want to include some individual network that is under an otherwise disabled interface, drag and drop it from under the disabled interface onto the Site element. The
element is copied to the higher level. The copied definition is not updated automatically.
- The Sites must include only internal networks. Do not add interfaces with the Any Network element in this type of VPN.
-
Click
Save.
Next steps
Create a VPN Profile element.