Example VPN configuration 3: create a Policy-Based VPN element

You must add a Policy-Based VPN element for this configuration.

Before you begin

You must have a custom VPN Profile element for configuration 3.

Note: This configuration scenario does not explain all settings related to Policy-Based VPN elements.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Right-click Policy-Based VPNs in the element tree, then select New Policy-Based VPN.
  3. In the Name field, enter a unique name.
  4. From the Default VPN Profile drop-down list, select the custom VPN Profile that you created.
  5. Select Apply NAT Rules to Traffic That Uses This VPN.
    This option applies the NAT rules in the policy and the global NAT definition for the Firewall.
  6. Click OK.
    The VPN Editing view opens on the Site-to-Site VPN tab.
  7. Drag and drop the VPN Gateway element that represents the firewall to Central Gateways.
  8. On the Mobile VPN tab, select Only central Gateways from overall topology to define which VPN Gateways provide Mobile VPN access.
  9. On the Tunnels tab, make sure that the Validity column in the Gateway<->Gateway and the End-Point<->End-Point tables has a green check mark to indicate that there are no problems.
    1. If the Validity column of a tunnel has a warning icon, see the Issues pane to check what the problem is. If the pane is not shown, select Menu > View > Panels > Issues.
    2. If issues are shown, correct them as indicated. Long issues are easiest to read by hovering over the issue text so that the text is shown as a tooltip.
  10. Click Save.

Next steps

Create User elements.