Example VPN configuration 2: configure VPN settings for the NGFW Engine
If you have already configured VPN settings for the NGFW Engine, there is no need to change any of the settings.
For more details about the product and how to configure features, click Help or press F1.
Steps
Next steps
Engine Editor > VPN > Endpoints
Use this branch to change the endpoint settings that are used when the NGFW Engine acts as a VPN gateway.
Option | Definition |
---|---|
Enabled | When selected, the endpoint IP address is active. |
Name | Shows the name of the endpoint. If the endpoint does not have a descriptive name, the IP address of the endpoint is shown. |
IP Address | Shows the IP address of the endpoint. |
Connection Type | Defines how the endpoint is used in a Multi-Link configuration. |
Options | Shows the optional settings that have been selected for the endpoint. |
Phase-1 ID | Shows the value of the phase-1 ID that identifies the gateway during the IKE phase-1 negotiations. |
VPN Type | Shows the types of VPNs that the endpoint can be used in. |
Edit | Allows you to change the properties of the selected endpoint. |
Endpoint Properties dialog box
Use this dialog box to define the properties of internal endpoints.
Option | Definition |
---|---|
Name | The name of the endpoint. If no name is entered, the IP address is used. |
IP Address | The IP address of the endpoint. |
Dynamic | Automatically selected if the endpoint has a dynamic IP address. |
Connection Type | Defines how the endpoint is used in a Multi-Link configuration. |
NAT-T | Detects when an IPsec VPN tunnel goes through a NAT device. If NAT is detected, the VPN automatically uses UDP port 4500 for IKE negotiation messages, and encapsulates ESP packets in UDP packets that use port 4500. |
Contact Addresses section | This section cannot be edited. The contact addresses for endpoints are defined in the Interface properties. |
Default | Used by default whenever a component that belongs to another Location connects to this interface. |
Dynamic | Used when the endpoint has a dynamic IP address. Note: Dynamic contact addresses are not supported on SSID Interfaces. |
Exceptions | Opens the Exceptions dialog box. |
Phase-1 ID section | |
ID Type | Identifies the Gateways during the IKE phase-1 negotiations. |
Exceptions | Allows you to create VPN-specific exceptions if the endpoint must use different Phase-1 ID settings in individual policy-based VPNs. |
ID Value | Specifies the details of the ID Type. |
VPN Type section | |
All types | Restricts the types of VPNs that the endpoint can be used in. |
Selected types only | Select one or more options. Note: The endpoint must have an IPv4 address if you want to use it in SSL VPN tunnels or to access the SSL VPN Portal. |
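The NAT-T entry in the table above states that IKE and ESP share UDP port 4500 once NAT is detected. The following is an added example, not part of the product documentation or the vendor's code: it separates the two kinds of traffic by the first bytes of the UDP payload, following RFC 3948. The function name and the sample payloads are constructed for this illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4               # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # fixed 28-byte IKE header
ESP_HEADER = struct.Struct("!II")          # SPI, sequence number


def classify_natt_payload(payload: bytes) -> dict:
    """Classify one UDP/4500 payload as NAT keepalive, IKE, or UDP-encapsulated ESP."""
    if payload == b"\xff":                 # single 0xFF byte keeps the NAT mapping alive
        return {"kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER:      # an ESP SPI is never zero, so this must be IKE
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        i_spi, _r_spi, _next, version, exchange, _flags, msg_id, length = \
            IKE_HEADER.unpack_from(ike)
        if length != len(ike):
            return {"kind": "malformed", "reason": "IKE length field mismatch"}
        return {
            "kind": "ike",
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange_type": exchange,
            "message_id": msg_id,
            "initiator_spi": i_spi.hex(),
        }
    if len(payload) < ESP_HEADER.size:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    spi, seq = ESP_HEADER.unpack_from(payload)
    return {"kind": "esp", "spi": f"0x{spi:08x}", "seq": seq}


# Constructed sample payloads (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + IKE_HEADER.pack(
    bytes.fromhex("1122334455667788"), bytes(8),
    46, 0x20, 35, 0x08, 1, IKE_HEADER.size)          # IKEv2 IKE_AUTH, header only
SAMPLE_ESP = ESP_HEADER.pack(0xC0FFEE01, 7) + bytes(32)

if __name__ == "__main__":
    for sample in (SAMPLE_IKE, SAMPLE_ESP, b"\xff", NON_ESP_MARKER + b"\x01"):
        print(classify_natt_payload(sample))
```

A classifier like this helps when checking packet captures against firewall rules: a path that permits UDP 500 but drops UDP 4500 will show the phase-1 exchange starting and then no IKE or ESP payloads on port 4500.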
VPN Site Properties dialog box
Use this dialog box to view or edit the properties of a VPN site.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
Comment | An optional comment for your own reference. |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Returns to the previous folder. |
New | This option is not available in this dialog box. |
Tools | |
VPN References tab | |
VPN | Shows the VPNs where this site is used. |
Enable | When selected, the site is enabled in the specified VPN. |
Mode | Defines the mode for the Site for each VPN in which it is enabled. |