Create External VPN Gateway elements

In the Management Client, create an External VPN Gateway element to represent the Forcepoint ONE SSE cloud VPN gateway.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to VPN Gateways.
  3. Create an External VPN Gateway element to represent the Forcepoint ONE SSE end of the VPN tunnel.
    1. Select New > External VPN Gateway.
    2. In the Name field, enter a descriptive name.
      Example: Forcepoint ONE VPN Gateway
      Note: Do not close the External VPN Gateway Properties dialog box.
  4. Configure endpoints for the external VPN gateway.
    1. On the Endpoints tab, click Add.
    2. Enter a descriptive Name for the primary data center.
      Example: Forcepoint ONE Primary Datacenter.
    3. To use a dynamic IP address for the site, select the Dynamic checkbox next to the IP address.
    4. From the Connection Type drop-down list, configure one endpoint as primary and the other endpoint as a standby.
      • For the primary endpoint, select Active.
      • For the secondary endpoint, select Standby.
    5. Verify that NAT-T is set to Enabled.
    6. From the Contact Addresses drop-down list, select the Dynamic / FQDN option.
    7. Copy the Cloud FQDN value for the primary tunnel from Analyze > Tunnels > Setup Info of the Forcepoint ONE SSE portal, and then paste it in Default.
    8. To use Cloud IKE ID as the Phase-1 ID:
      • Set the ID Type to DNS Name.
      • Copy the Cloud IKE ID value for the primary tunnel from Analyze > Tunnels > Setup Info of the Forcepoint ONE SSE portal, and then paste it in ID Value.
    9. Click OK.
    10. Repeat step 4(a) through step 4(k) to create the secondary tunnel.
    11. In the Enabled column, select the checkboxes for each endpoint.
      Note: Do not close the External VPN Gateway Properties dialog box.
  5. Add Any network to the sites for the external VPN gateway.
    1. On the Sites tab, browse to Networks in the left pane.
    2. Select Any network and then click Add.
    3. Click OK.

Result

The External VPN Gateway element is ready to use in the Policy-Based VPN.