Configure a VPN with a FlexEdge Secure SD-WAN Engine in Azure

When you have deployed a Secure SD-WAN Engine in Azure, you can use it as an endpoint in VPNs with other Secure SD-WAN Engines in your network.

Note: You cannot use Cloud Auto-Scaled Engines in VPNs.

Configuring a VPN between Secure SD-WAN Engines that are managed by the same SMC has the following advantages compared to using Azure's native VPN tools:

  • Access control for VPN traffic
  • Centralized management of the Secure SD-WAN Engines that act as VPN gateways

Because the public IP addresses of Secure SD-WAN Engines deployed in Azure are dynamic, the following restrictions apply when you use a Secure SD-WAN Engine deployed in Azure as a VPN gateway:

  • The VPN gateway must use the fully qualified domain name (FQDN) of your Secure SD-WAN Engine as the phase-1 ID.
  • IKEv1 main mode with pre-shared key authentication is not supported. Aggressive mode allows the use of pre-shared keys, but for security reasons certificate-based authentication is also recommended when IKEv1 is set in aggressive mode.