Default elements for policy-based VPNs
There are several default elements for policy-based VPN configuration.
Element type | Default elements |
---|---|
Certificates | The Internal RSA CA for Gateways VPN Certificate Authority element represents the Management Server’s internal RSA certificate authority. You can use the element to define certificate trust relationships if you configure other CAs in the Secure SD-WAN Manager. |
Connection Types | The default Connection Type elements represent the Active, Aggregate, and Standby modes for endpoints in a Multi-Link configuration. |
Gateways | The predefined VPN Client gateway element represents VPN clients, including the Forcepoint VPN Client and third-party VPN clients. You can change the Gateway Profile associated with this default element. |
Gateway Profiles | Several different Gateway Profiles are included for different Firewall/VPN and Forcepoint VPN Client versions. With third-party VPN devices, you can use the Default (All Capabilities) profile, which enables all options. You can also create a more restrictive profile yourself for better automatic configuration validation. |
Gateway Settings | Gateway Default Settings is a predefined Gateway Settings element that contains the default recommended settings for most environments. Each firewall has settings that are common to all VPNs the firewall establishes, set in the Gateway Settings element. These settings are mostly for performance tuning, and usually there is no need to change them at all. If you do need to change the settings, you must create a custom Gateway Settings element, because you cannot edit the Gateway Default Settings system element. The General tab also contains some advanced properties that are meant for advanced users only. The default values are the recommended values. These options affect the VPN directly. |
VPN Profiles | The predefined VPN Profiles are provided to allow you to quickly try out VPNs without creating a VPN Profile yourself. The predefined VPN Profiles also allow you to change settings that are not specified in RFC 4308 and RFC 6379. You might need to adjust the settings to achieve a valid VPN in some configurations. |