Create External VPN Broker Gateway elements for VPN Broker high availability
External VPN Broker Gateways are remote VPN Broker gateways that are managed by a different NGFW Manager. You must create one External VPN Broker Gateway element to represent each remote VPN Broker gateway in each NGFW Manager.
Steps
Example
Fields marked with an asterisk in the user interface are mandatory.
Option | Definition |
---|---|
Endpoints table To edit the contents of a cell, click the cell. Click or to add a row. |
|
Info | You can enter a name and a comment for the endpoint. |
Endpoint Address | Enter the IP address of the remote gateway. |
Endpoint Class |
Select a default system Connectivity Type element that has the appropriate mode selected. Type part of the name of an element or browse through the drop-down list to select an element. The following system Connectivity Type elements are available:
|
Enabled | When selected, the endpoint is enabled. You can temporarily disable the endpoint without deleting it. |
Used for Client Gateways | When Yes is selected, VPN Broker members can communicate using the endpoint. If there is an intermediate NAT device between this VPN Broker and VPN Broker members, add a contact address. |
Used for Broker Servers | When Yes is selected, external VPN Broker gateways can communicate using the endpoint. If there is an intermediate NAT device between this VPN Broker and other VPN Broker gateways, add a contact address. |
Shared Secret |
To specify the shared secret that VPN Broker Gateways use to authenticate each other in a high availability configuration, click Shared Secret, enter the shared secret, then click Save. Tip: We recommend that you make a note of the shared secret.
Note: Enter the same shared secret in the properties of each VPN Broker Gateway in the same VPN Broker Domain.
|
VPN Broker Gateway ID |
Enter a unique ID number for the VPN Broker Gateway as an integer. The allowed range is 1–255. Note: In the NGFW Manager, you enter
the VPN Broker Gateway ID as a decimal number. However, the ID is converted internally to a hexadecimal number. For example, an ID of 10 is converted to 0A
in the MAC address of the VPN Broker Gateway. The allowed range in hexadecimal numbers is
1–FF.
When a log entry is generated, the SMC uses this value to identify the VPN Broker that generated the log entry. Tip: We recommend that you make a note of the VPN Broker Gateway ID for each VPN Broker Gateway.
|