Configuring IPsec tunnels

Configure the primary and secondary IPsec tunnels and associate each one with its IKE gateway and tunnel interface.

Steps

  1. Navigate to Network > IPsec Tunnels > Add.
  2. To create a primary IPsec tunnel, enter the following details:
    1. Enter an appropriate IPsec tunnel Name.
    2. Select the primary Tunnel Interface that you have created.
    3. Select Auto Key as the Type to use an automatically generated security key.
    4. Select IPv4 as the Address type, because Forcepoint ONE SSE supports only IPv4.
    5. Select the primary IKE Gateway that you have created.
    6. Select the IPSec Crypto Profile that you have created.
    7. To enable tunnel monitoring, select the Tunnel Monitor checkbox.
    8. Enter the monitoring IP 116.50.59.230 in Destination IP.

      You can obtain the Monitoring IP from Forcepoint ONE SSE by navigating to the Analyze > Tunnels > Setup Info dialog of the primary or secondary IPsec tunnel.

    9. Select the monitoring Profile that you have created.
    10. To configure the primary IPsec tunnel with the entered details, click OK.


  3. To create a secondary IPsec tunnel, enter the following details:
    1. Enter an appropriate IPsec tunnel Name.
    2. Select the secondary Tunnel Interface that you have created.
    3. Select Auto Key as the Type to use an automatically generated security key.
    4. Select IPv4 as the Address type, because Forcepoint ONE SSE supports only IPv4.
    5. Select the secondary IKE Gateway that you have created.
    6. Select the IPSec Crypto Profile that you have created.
    7. To enable tunnel monitoring, select the Tunnel Monitor checkbox.
    8. Enter the monitoring IP 116.50.59.230 in Destination IP.

      You can obtain the Monitoring IP from Forcepoint ONE SSE by navigating to the Analyze > Tunnels > Setup Info dialog of the primary or secondary IPsec tunnel.

    9. Select the monitoring Profile that you have created.
    10. To configure the secondary IPsec tunnel with the entered details, click OK.


  4. Commit the configuration.
  5. Verify that the primary and secondary IPsec tunnels come up by navigating to Network > IPsec Tunnels.


Result

The primary and secondary tunnels are created and shown as up. In this example, FOne_Primary represents the primary IPsec tunnel and FOne_Backup represents the secondary IPsec tunnel.
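
A sanity check to run over the two tunnel definitions from steps 2 and 3 before committing, as an added example that is not part of the original page or of Forcepoint's tooling. The dictionary keys, tunnel interface names, gateway names and profile names are hypothetical stand-ins for the GUI fields; the rule that the two tunnels must not share a tunnel interface or IKE gateway is an assumption drawn from the separate primary and secondary objects the steps refer to.

```python
import ipaddress

# Hypothetical keys mirroring the GUI fields in steps 2 and 3 (not an export format).
FIELDS = ("name", "tunnel_interface", "type", "address_type", "ike_gateway",
          "ipsec_crypto_profile", "tunnel_monitor", "destination_ip", "monitor_profile")

def check_tunnel(t):
    """Return the problems found in one tunnel definition."""
    problems = [f"{f} is not set" for f in FIELDS if t.get(f) in (None, "")]
    if t.get("type") != "auto-key":
        problems.append("Type must be Auto Key")
    if t.get("address_type") != "ipv4":
        problems.append("Address type must be IPv4")
    if t.get("tunnel_monitor") is not True:
        problems.append("Tunnel Monitor is not enabled")
    try:
        if ipaddress.ip_address(t.get("destination_ip")).version != 4:
            problems.append("monitoring IP must be an IPv4 address")
    except ValueError:
        problems.append("monitoring IP is not a valid address")
    return problems

def check_pair(primary, secondary):
    """Check both tunnels, then the settings that must differ between them."""
    problems = [f"{t.get('name')}: {p}" for t in (primary, secondary)
                for p in check_tunnel(t)]
    # Assumption: primary and secondary each need their own objects.
    for f in ("name", "tunnel_interface", "ike_gateway"):
        if primary.get(f) == secondary.get(f):
            problems.append(f"both tunnels use the same {f}: {primary.get(f)}")
    return problems

# Constructed sample values; tunnel names and monitoring IP are taken from the page.
PRIMARY = {"name": "FOne_Primary", "tunnel_interface": "tunnel.1", "type": "auto-key",
           "address_type": "ipv4", "ike_gateway": "example-gw-primary",
           "ipsec_crypto_profile": "example-crypto", "tunnel_monitor": True,
           "destination_ip": "116.50.59.230", "monitor_profile": "example-monitor"}
SECONDARY = dict(PRIMARY, name="FOne_Backup", tunnel_interface="tunnel.2",
                 ike_gateway="example-gw-secondary")

if __name__ == "__main__":
    for line in check_pair(PRIMARY, SECONDARY) or ["both tunnel definitions look consistent"]:
        print(line)
```

A secondary tunnel that reuses the primary's tunnel interface or has monitoring switched off is reported here rather than discovered when the primary fails and traffic does not move to the backup.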