Getting started with the VPN Broker

The VPN Broker environment consists of a VPN Broker domain, a VPN Broker gateway, and several VPN Broker members.

  • VPN Broker domain — The VPN Broker domain is a virtual network that contains the VPN Broker gateway and the VPN Broker members.
  • VPN Broker gateway — The VPN Broker gateway is configured on a single pre-installed Forcepoint NGFW appliance that is dedicated for use only with the VPN Broker.
  • VPN Broker member — Each VPN Broker member is an NGFW Engine in the Firewall/VPN role (Single Firewall or Firewall Cluster). When you use Master NGFW Engines and Virtual NGFW Engines, the same Master NGFW Engine can host VPN Broker members that belong to more than one VPN Broker domain.

    VPN tunnels can be created between VPN Broker members that are controlled by different Management Servers. The members do not need to be in the same administrative Domain in the Forcepoint NGFW Security Management Center (SMC).

The following is an example environment for a single VPN Broker configuration.

[Figure: example environment for a single VPN Broker configuration]

  1. VPN Broker domain
  2. VPN Broker gateway — All members of the domain are connected to the same VPN Broker gateway.
  3. VPN Broker member
  4. VPN tunnels are created and removed as needed between the VPN Broker members.

Access rules that allow communication between the VPN Broker gateway and the members are automatically created. The communication between domain members and the VPN Broker gateway is authenticated using a shared secret.

The members communicate with the VPN Broker gateway using a VPN Broker Interface that you must configure on each NGFW Engine. The traffic that goes into the VPN also passes through this interface.