Site-to-site and mobile VPNs in Secure SD-WAN
You can create VPNs between VPN gateway devices or between a VPN client and a VPN gateway device.
- A site-to-site VPN is created between two or more gateway devices that provide VPN access to several hosts in their internal networks. Site-to-site VPNs are supported for IPv4 and IPv6 traffic.
- A mobile VPN is created between a VPN client running on an individual computer and a gateway device.
Figure: Site-to-site and mobile VPNs
For mobile VPNs, we recommend using the Forcepoint VPN Client solution. Forcepoint VPN Client is available for the following
platforms:
- Android (SSL VPN only)
- Mac OS (SSL VPN only)
- Windows (IPsec or SSL VPN)
In mobile VPNs with IPsec tunnels, you can alternatively use a third-party IPsec-compatible VPN client. However, third-party clients do not support all features offered by Secure SD-WAN.
Note: Most VPN clients that are a part of a vendor-specific VPN gateway solution are incompatible with gateways from other vendors.
The following limitations apply to mobile VPNs:
- All mobile VPNs that you configure in Secure SD-WAN must be valid for Forcepoint VPN Client even if you use only third-party VPN client software.
- VPN clients cannot connect directly to engines that have a dynamic IP address.
Instead, VPN clients connect through a central gateway that forwards the connections to the non-compatible gateways using a site-to-site VPN.