Create VPN Broker Domain elements for VPN Broker high availability

The VPN Broker Domain element defines the virtual network that contains the local and remote VPN Broker gateways, and the VPN Broker domain members.

Create a VPN Broker Domain element in each NGFW Manager. When you create the VPN Broker Domain elements, set exactly one of them as the primary. The NGFW Manager in which you create the primary VPN Broker Domain element is considered the primary NGFW Manager. Changes that you make to the list of VPN Broker members in the primary NGFW Manager are automatically synchronized to other gateways.

Steps

  1. Browse to SD-WAN > VPN Broker > VPN Broker Domain.
  2. Click .
  3. Configure the settings, then click Save.

Example

Fields marked with an asterisk in the user interface are mandatory.

Table 1. VPN Broker Domain properties

| Option | Definition |
|---|---|
| IPv4 Network or IPv6 Network | Enter the IP address and netmask of the virtual network that contains all of the members of the VPN Broker domain. You must enter an IPv4 network, an IPv6 network, or both. Tip: We recommend that you make a note of the IP addresses for each VPN Broker Domain. Note: Starting with version 6.11, IP address validation is performed and the administrator is notified of invalid values. |
| VPN Broker Gateway | Select the local VPN Broker Gateway that belongs to the VPN Broker domain. Type part of the name of an element or browse through the drop-down list to select an element. |
| External VPN Broker Gateways | Select all External VPN Broker Gateways that belong to the VPN Broker domain. Type part of the name of an element or browse through the drop-down list to select an element. |
| MAC Address Prefix | Enter a unique identifier for the VPN Broker Domain in MAC address format. The length must be three octets. The first octet must be even. The address must be a unique unicast MAC address. Tip: We recommend that you make a note of the MAC Address Prefix for each VPN Broker Domain. Note: Starting with version 6.11, the MAC Address Prefix is auto-populated. |
| Primary VPN Broker Server | In a high availability environment, one NGFW Manager must be set as the primary NGFW Manager for each VPN Broker Domain. When you make changes to the list of VPN Broker members in the primary NGFW Manager, the changes are synchronized to the other instances of the NGFW Manager. If this NGFW Manager is offline, you must manually promote another NGFW Manager to be the primary. |
| Enabled | When selected, the VPN Broker Domain element is enabled. You can temporarily disable the element without deleting it. |
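The properties table states the constraints on the IPv4/IPv6 Network and MAC Address Prefix fields (a network with netmask, at least one of IPv4 or IPv6; a prefix of three octets with an even first octet, unique across domains). The following pre-flight check, added here as an example and not part of Forcepoint's product or this documentation, validates a planned VPN Broker Domain against those rules before it is entered in the NGFW Manager, which is useful on versions before 6.11 where the UI does not validate the IP address for you. The dictionary field names (`name`, `ipv4`, `ipv6`, `mac_prefix`), the colon- or hyphen-separated prefix notation and the sample domain values are assumptions made for this example.

```python
import ipaddress
import re

# Three hex octets separated by ":" or "-" (notation assumed for this example).
MAC_PREFIX_RE = re.compile(r"^([0-9A-Fa-f]{2})[:-]([0-9A-Fa-f]{2})[:-]([0-9A-Fa-f]{2})$")


def normalize_mac_prefix(prefix):
    """Return the prefix as lowercase colon-separated octets, or None if malformed."""
    m = MAC_PREFIX_RE.match(prefix.strip())
    if not m:
        return None
    return ":".join(g.lower() for g in m.groups())


def check_mac_prefix(prefix, existing_prefixes):
    """Apply the MAC Address Prefix rules from the properties table.

    existing_prefixes maps already-used prefixes (normalized) to the domain
    name that uses them, so uniqueness across domains can be checked.
    """
    problems = []
    normalized = normalize_mac_prefix(prefix)
    if normalized is None:
        return [f"MAC Address Prefix {prefix!r} must be exactly three octets"]
    first_octet = int(normalized.split(":")[0], 16)
    # An even first octet clears the I/G bit, i.e. the address is unicast.
    if first_octet % 2 != 0:
        problems.append(f"MAC Address Prefix {prefix!r}: first octet must be even (unicast)")
    if normalized in existing_prefixes:
        problems.append(
            f"MAC Address Prefix {prefix!r} is already used by domain "
            f"{existing_prefixes[normalized]!r}; it must be unique"
        )
    return problems


def check_networks(ipv4, ipv6):
    """Apply the IPv4 Network / IPv6 Network rules: at least one network,
    each written as address plus netmask (CIDR) and of the matching family."""
    problems = []
    if not ipv4 and not ipv6:
        problems.append("at least one of IPv4 Network or IPv6 Network is required")
    for label, value, version in (("IPv4 Network", ipv4, 4), ("IPv6 Network", ipv6, 6)):
        if not value:
            continue
        try:
            # strict=True rejects a host address such as 10.0.0.1/24.
            net = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            problems.append(f"{label} {value!r} is not a valid network with netmask: {exc}")
            continue
        if net.version != version:
            problems.append(f"{label} {value!r} is not an IPv{version} network")
        if "/" not in value:
            problems.append(f"{label} {value!r} has no netmask")
    return problems


def validate_domain(domain, existing_prefixes):
    """Return a list of problems for a planned VPN Broker Domain (empty = OK)."""
    problems = check_networks(domain.get("ipv4"), domain.get("ipv6"))
    problems += check_mac_prefix(domain.get("mac_prefix", ""), existing_prefixes)
    return problems


if __name__ == "__main__":
    # Constructed sample: one domain already recorded, one being planned.
    recorded = {"02:12:34": "branch-a"}
    planned = {"name": "branch-b", "ipv4": "10.200.1.0/24",
               "ipv6": "2001:db8:1::/64", "mac_prefix": "02-12-34"}
    for problem in validate_domain(planned, recorded):
        print(f"{planned['name']}: {problem}")
```

Run the check over the notes you keep per domain (the Tips in the table recommend recording both the networks and the MAC Address Prefix) before creating the element in each NGFW Manager, so that a duplicate prefix or a mistyped network is caught before it is synchronized.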

Next steps

In each NGFW Manager, create one VPN Broker Gateway element to represent the local VPN Broker gateway.