How the VPN Broker Domain works in a high availability environment

The VPN Broker domain is a virtual network that contains the VPN Broker gateway and the VPN Broker members.

The following is an example of IP addresses and MAC addresses in the VPN Broker Domain.



1. The VPN Broker Domain is a virtual network. The VPN Broker Domain is identified by a unique MAC address prefix. In this example, the MAC address prefix is 02:02:02.
2. Each VPN Broker Member has an IP address that is part of the virtual network defined in the VPN Broker Domain. Each VPN Broker Member is identified by a unique partial MAC address.
3. VPN Broker Gateway A is identified by a unique VPN Broker Gateway ID number. In this example, the VPN Broker Gateway ID is 10. This gateway has been configured in the primary NGFW Manager. Changes that you make to the list of VPN Broker members in the primary NGFW Manager are automatically synchronized to other gateways.
4. VPN Broker Gateway B is identified by a unique VPN Broker Gateway ID number. In this example, the VPN Broker Gateway ID is 11.

The MAC address prefix of the VPN Broker Domain is combined with the partial MAC address of each VPN Broker Member to form a complete MAC address for each VPN Broker Member.

Table 1. Example of how VPN Broker Member MAC addresses are formed
MAC address prefix of the VPN Broker Domain | Partial MAC address of the VPN Broker Member | Complete MAC address of the VPN Broker Member
02:02:02 | 00:01:00 | 02:02:02:00:01:00
02:02:02 | 00:01:01 | 02:02:02:00:01:01
02:02:02 | 00:01:02 | 02:02:02:00:01:02
02:02:02 | 00:01:03 | 02:02:02:00:01:03
02:02:02 | 00:01:04 | 02:02:02:00:01:04

The MAC address prefix of the VPN Broker Domain is combined with the VPN Broker Gateway ID number to form a complete MAC address for each VPN Broker Gateway.

In this example, the VPN Broker Gateway ID number for VPN Broker Gateway A is 10, and the VPN Broker Gateway ID number for VPN Broker Gateway B is 11. In the NGFW Manager, you enter the VPN Broker Gateway ID as a decimal number. However, the ID is converted internally to a hexadecimal number. For example, an ID of 10 is converted to 0A in the MAC address of the VPN Broker Gateway. An ID of 11 is converted to 0B in the MAC address of the VPN Broker Gateway.

Table 2. How VPN Broker Gateway MAC addresses are formed
MAC address prefix of the VPN Broker Domain | VPN Broker Gateway ID | Complete MAC address of the VPN Broker Gateway
02:02:02 | 10 | 02:02:02:00:00:0A
02:02:02 | 11 | 02:02:02:00:00:0B
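
The following added example (not part of the product or its documentation) applies the two rules from Table 1 and Table 2 to build the expected MAC addresses of a VPN Broker Domain, then checks a list of observed MAC addresses against them so that an address inside the domain prefix that matches no configured member or gateway stands out. The function names, the observed list, and the limit of gateway IDs to one octet are assumptions; the page only shows IDs 10 and 11.

```python
import re

_OCTETS3 = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){2}$")

def _norm3(value, what):
    """Validate a three-octet, colon-separated value and upper-case it."""
    if not _OCTETS3.match(value):
        raise ValueError(f"{what} must be three hex octets, got {value!r}")
    return value.upper()

def member_mac(prefix, partial):
    """Domain prefix + member partial MAC -> complete member MAC (Table 1)."""
    return f"{_norm3(prefix, 'prefix')}:{_norm3(partial, 'partial MAC')}"

def gateway_mac(prefix, gateway_id):
    """Domain prefix + decimal gateway ID -> complete gateway MAC (Table 2)."""
    # Assumption: only one-octet IDs are handled, as in the page's examples.
    if not 0 <= gateway_id <= 0xFF:
        raise ValueError("gateway ID outside the range this example handles")
    return f"{_norm3(prefix, 'prefix')}:00:00:{gateway_id:02X}"

def audit(prefix, gateway_ids, partials, observed):
    """Label each observed MAC: gateway, member, unexpected or outside."""
    expected = {gateway_mac(prefix, g): "gateway" for g in gateway_ids}
    expected.update({member_mac(prefix, p): "member" for p in partials})
    domain = _norm3(prefix, "prefix") + ":"
    result = {}
    for mac in observed:
        mac_u = mac.upper().replace("-", ":")
        if mac_u in expected:
            result[mac] = expected[mac_u]
        elif mac_u.startswith(domain):
            result[mac] = "unexpected"  # in the domain prefix, not configured
        else:
            result[mac] = "outside"     # not part of this VPN Broker Domain
    return result

# Configured values taken from Table 1 and Table 2.
PREFIX = "02:02:02"
GATEWAYS = [10, 11]
MEMBERS = ["00:01:00", "00:01:01", "00:01:02", "00:01:03", "00:01:04"]
# Constructed sample of observed addresses (not from the page).
OBSERVED = ["02:02:02:00:00:0a", "02-02-02-00-01-03",
            "02:02:02:00:01:09", "00:1B:44:11:3A:B7"]

if __name__ == "__main__":
    for mac, kind in audit(PREFIX, GATEWAYS, MEMBERS, OBSERVED).items():
        print(f"{mac}  {kind}")
```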