Example VPN configuration 2: create an External VPN Gateway element

You need an External VPN Gateway element for this configuration.

Note: This configuration scenario does not explain all settings related to External VPN Gateway elements.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Right-click Gateways in the element tree, then select New External VPN Gateway.
  3. In the Name field, enter a unique name.
  4. Click Select for Gateway Profile, then select one of the following profiles:
    • For-third party gateways, select the Default (All Capabilities) profile for third-party gateways.
    • For Forcepoint NGFW Engines managed by a different Management Server, select the appropriate version-specific profile .
  5. On the Endpoints tab, click Add, then define the IP address for the endpoint:
    • If the endpoint has a static (manually defined) IP address, enter in it the IPv4 Address field.
    • If the endpoint has a dynamic (DHCP-assigned) IP address, select Dynamic..
  6. If the external gateway has a dynamic IP address:
    1. In the Phase 1 ID section at the bottom of the dialog box, change the ID Type to E-mail.
    2. Enter an email address in the ID value field.
      This email address can be any address that is not used as an ID in any of your other endpoints. The address entered here is used only as an identification, not for actually sending email.
      Note: Make sure that the ID Type and ID Value match the identity configured on the external gateway device. If the device has a static IP address, make sure that the device uses it as its identity in this VPN or change the External VPN Gateway element configuration.
    3. Click OK.
  7. Leave the properties dialog box open.

Next steps

Define a site for the external VPN gateway.

External VPN Gateway Properties dialog box

Use this dialog box to define the properties of an External VPN Gateway element.

Option Definition
General tab
Name Specifies the unique name of the element.
Gateway Profile Shows the selected gateway profile.
Select Opens the Select Element dialog box.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Endpoints tab
Search Opens a search field. Enter a search parameter to locate an endpoint. Clicking X removes the search field.
New External Endpoint — Adds an external endpoint IP address. Opens the External Endpoint Properties dialog box.
Tools
  • Expand All — Expands all elements.
  • Collapse All — Collapses all elements.
  • Refresh View — Updates the element list.
  • Remove — Removes the selected row from the table.
Add Opens the External Endpoint Properties dialog box.
Edit Opens the External Endpoint Properties dialog box for the selected endpoint.
Remove Removes the selected endpoint from the list.
Option Definition
Sites tab
Search Opens a search field for the selected element list.
Up (Backspace) Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
Tools
  • New — Creates an element of the specified type.
  • Show Deleted Elements — Shows elements that have been moved to the Trash.
Add Adds the selected element to the content list.
Remove Removes the selected element from the content list.
Content Shows the selected elements.
Option Definition
Trusted CAs tab
Trust All The gateway accepts any valid CA that is configured, unless restricted in the VPN element.
Trust only selected Only selected CAs are accepted. Select the CAs that the Gateway must trust.