VPN Broker high availability configuration overview

The configuration consists of these high-level steps.

Steps in the NGFW Manager

  1. Start the NGFW Manager, then select VPN Broker Management mode.
  2. In each NGFW Manager, configure the interface to which members of the VPN Broker domain can connect.
  3. In each NGFW Manager, create the required elements in the following order:
    1. One VPN Broker Gateway element to represent the local VPN Broker gateway.
    2. External VPN Broker Gateway elements to represent all remote VPN Broker gateways.
    3. One VPN Broker Domain element to which all VPN Broker gateways and external VPN Broker gateways belong.

      Each NGFW Manager gets its own VPN Broker Domain element, and exactly one of them must be set as the primary. The NGFW Manager in which you create the primary VPN Broker Domain element is referred to as the primary NGFW Manager in the rest of this configuration.

  4. In the primary NGFW Manager, add VPN Broker Member elements.

    Changes that you make to the list of VPN Broker members in the primary NGFW Manager are automatically synchronized to the other VPN Broker gateways, so members are added only in the primary NGFW Manager.

  5. In the primary NGFW Manager, export the VPN Broker Domain element to a file.
  6. In each NGFW Manager, enable the VPN configuration in the properties of the NGFW Engine.

Steps in the Management Client component of the SMC

  1. Create the required elements in the following order:
    1. Create one VPN Broker Domain element.

      Import the VPN Broker Domain configuration file that you exported from the primary NGFW Manager into the VPN Broker Domain element.

    2. Add a VPN Broker Interface to all NGFW Engines that are used as VPN Broker members.
  2. Refresh the Firewall Policy on each NGFW Engine that is used as a VPN Broker member.
    Note: VPN Broker only provides connectivity between the networks of the VPN Broker members; it does not allow any traffic by itself. Before you refresh the policy, add Access rules to the policy of each NGFW Engine that allow the specific types of traffic that are needed to and from these networks.

Begin the configuration by starting the NGFW Manager.