Define endpoints for External VPN Gateways
Each endpoint is dedicated to one External VPN Gateway element.
Before you begin
You must have an External VPN Gateway element.
For more details about the product and how to configure features, click Help or press F1.
Steps
External VPN Gateway Properties dialog box
Use this dialog box to define the properties of an External VPN Gateway element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the unique name of the element. |
Gateway Profile | Shows the selected gateway profile. |
Select | Opens the Select Element dialog box. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Endpoints tab | |
Search | Opens a search field. Enter a search parameter to locate an endpoint. Clicking X removes the search field. |
New | External Endpoint — Adds an external endpoint IP address. Opens the External Endpoint Properties dialog box. |
Tools | |
Add | Opens the External Endpoint Properties dialog box. |
Edit | Opens the External Endpoint Properties dialog box for the selected endpoint. |
Remove | Removes the selected endpoint from the list. |
Option | Definition |
---|---|
Sites tab | |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy. |
Tools | |
Add | Adds the selected element to the content list. |
Remove | Removes the selected element from the content list. |
Content | Shows the selected elements. |
Option | Definition |
---|---|
Trusted CAs tab | |
Trust All | The gateway accepts any valid CA that is configured, unless restricted in the VPN element. |
Trust only selected | Only selected CAs are accepted. Select the CAs that the Gateway must trust. |
External Endpoint Properties dialog box
Use this dialog box to define the properties of an External Endpoint in an IPsec VPN.
Option | Definition |
---|---|
Name | The name of the endpoint. If no name is entered, the IP address is used. |
IP Address | If the endpoint has a static (manually defined) IP address, enter the IP address. This IP address must be the IP address that is configured for the external device in its configuration. |
Dynamic | If the endpoint has a dynamic (DHCP-assigned) IP address, select this option. |
Connection Type | Defines how the endpoint is used in a Multi-Link configuration. |
NAT-T | Detects when an IPsec VPN tunnel goes through a NAT device. If NAT is detected, the VPN automatically uses UDP port 4500 for IKE negotiation messages, and encapsulates ESP packets in UDP packets that use port 4500. |
Use UDP encapsulation | This option is included for backward compatibility with legacy NGFW software versions. |
Contact Addresses | |
Default | Used by default whenever a component that belongs to another Location connects to this endpoint. |
Dynamic | Select when the endpoint has a dynamic Default contact address. |
Phase-1 ID | |
ID Type | Identifies the gateway during the IKE phase-1 negotiations. |
ID Value | Specifies the details of the ID Type. |
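
The NAT-T option in the table above depends on the two endpoints noticing address translation during IKE negotiation. The following Python code is an added example, not part of the product documentation: it implements the standard IKEv2 NAT detection check from RFC 7296 section 2.23. That the gateway uses this RFC mechanism is an assumption, and all SPIs, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NAT_T_PORT = 500, 4500


def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP | port (RFC 7296 section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_notifies(spi_i, spi_r, local, remote):
    """Sender side: hash the addresses as the sender itself sees them."""
    return {"src": nat_detection_hash(spi_i, spi_r, *local),
            "dst": nat_detection_hash(spi_i, spi_r, *remote)}


def nat_detected(spi_i, spi_r, notifies, seen_src, seen_dst):
    """Receiver side: recompute over the packet's observed addresses.
    Any mismatch means an address or port was rewritten in transit."""
    return (notifies["src"] != nat_detection_hash(spi_i, spi_r, *seen_src)
            or notifies["dst"] != nat_detection_hash(spi_i, spi_r, *seen_dst))


def ike_port(detected):
    """After detection, IKE and UDP-encapsulated ESP both use port 4500."""
    return NAT_T_PORT if detected else IKE_PORT


# Constructed sample values (documentation address ranges, made-up SPI).
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)  # responder SPI is zero in the first IKE_SA_INIT request
GATEWAY = ("198.51.100.20", 500)
PRIVATE = ("192.168.10.5", 500)      # external endpoint's own address
TRANSLATED = ("203.0.113.7", 31044)  # what the gateway sees after NAT

if __name__ == "__main__":
    n = build_notifies(SPI_I, SPI_R, PRIVATE, GATEWAY)
    behind_nat = nat_detected(SPI_I, SPI_R, n, TRANSLATED, GATEWAY)
    direct = nat_detected(SPI_I, SPI_R, n, PRIVATE, GATEWAY)
    print("behind NAT:", behind_nat, "-> UDP", ike_port(behind_nat))
    print("direct:    ", direct, "-> UDP", ike_port(direct))
```

When troubleshooting an external endpoint behind NAT, this is why firewalls on the path must allow UDP 4500 as well as UDP 500: the negotiation starts on 500 and moves to 4500 once a mismatch is found.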