VPN Broker high availability configuration overview

The configuration consists of these high-level steps.

Steps in the NGFW Manager

  1. Start the NGFW Manager, then select VPN Broker Management mode.
  2. In each NGFW Manager, configure the interface to which members of the VPN Broker domain can connect.
  3. In each NGFW Manager, create the required elements in the following order:
    1. One VPN Broker Gateway element to represent the local VPN Broker gateway.
    2. External VPN Broker Gateway elements to represent all remote VPN Broker gateways.
    3. One identical VPN Broker Domain element to which all VPN Broker gateways and external VPN Broker gateways belong.
    4. Identical VPN Broker Member elements.
  4. In one NGFW Manager, export the VPN Broker Domain element to a file.
  5. In each NGFW Manager, enable the VPN configuration in the properties of the NGFW Engine.

Steps in the Management Client component of the SMC

  1. Create the required elements in the following order:
    1. Create one VPN Broker Domain element.

      Import the VPN Broker Domain configuration file into the configuration of the VPN Broker Domain element.

    2. Add a VPN Broker Interface to all NGFW Engines that are used as VPN Broker members.
  2. Refresh the firewall policy.
    Note: VPN Broker provides connectivity between networks of the VPN Broker members. You must add Access rules to the policy of each NGFW Engine to allow specific types of traffic to and from these networks.

Begin the configuration by starting the NGFW Manager.