Site-to-site and mobile VPNs in Secure SD-WAN

You can create VPNs between VPN gateway devices or between a VPN client and a VPN gateway device.

  • A site-to-site VPN is created between two or more gateway devices that provide VPN access to several hosts in their internal networks. Site-to-site VPNs are supported for IPv4 and IPv6 traffic.
  • A mobile VPN is created between a VPN client running on an individual computer and a gateway device.

Figure: Site-to-site and mobile VPNs



For mobile VPNs, we recommend using the Forcepoint VPN Client solution. Forcepoint VPN Client is available for the following platforms:
  • Android (SSL VPN only)
  • Mac OS (SSL VPN only)
  • Windows (IPsec or SSL VPN)
In mobile VPNs with IPsec tunnels, you can alternatively use a third-party IPsec-compatible VPN client. However, third-party clients do not support all features offered by Secure SD-WAN.
Note: Most VPN clients that are a part of a vendor-specific VPN gateway solution are incompatible with gateways from other vendors.

The following limitations apply to mobile VPNs:

  • All mobile VPNs that you configure in Secure SD-WAN must be valid for Forcepoint VPN Client even if you use only third-party VPN client software.
  • VPN clients cannot connect directly to engines that have a dynamic IP address.

    Instead, VPN clients connect through a central gateway that forwards the connections to the non-compatible gateways using a site-to-site VPN.