Create identical VPN Broker Members for VPN Broker high availability

Enter a unique identifier for the VPN Broker Member as the last three octets of a MAC address.

The allowed range is 00:01:00–ff:ff:ff. Each member in the domain must have a unique identifier. When adding a VPN Broker Interface to an NGFW Engine in the SMC, use the same value that is used in the corresponding VPN Broker Member element in the NGFW Manager.

Click Enter Shared Secret to enter a password. Click Change Shared Secret to change a password that has already been set.

When adding a VPN Broker Interface to an NGFW Engine in the SMC, use the same value that is used in the corresponding VPN Broker Member element in the NGFW Manager.

Enter a member IP address that is part of the virtual network defined in the VPN Broker Domain element. You must enter an IPv4 address, an IPv6 address, or both.

Use the same kind of IP address that the VPN Broker Domain uses. For example, if the VPN Broker Domain has only IPv4 addresses, enter an IPv4 address. You can enter both an IPv4 address and an IPv6 address if the VPN Broker Domain has both IPv4 addresses and IPv6 addresses.

To edit the contents of a cell, click the cell.

Click > Add to add the first row.

Click > New > Row Before or > New > Row After to add a row.

Select from the following options.

• Reserved — Network addresses are dedicated to the gateway and these addresses or a subnet of these addresses cannot be given to any other member of the VPN Broker domain. This is the recommended option.
• Allowed — Network addresses are allowed for the VPN gateway. However, the VPN Broker does not announce these as routes to other VPN gateways. Used for dynamic routing or the default VPN gateway.
• Routed — When selected, enter a value in the Metric field. The same network address that has a different route metric value can be given to another VPN gateway. The subnet of a specified network can be given to a specified VPN gateway.