Example VPN configuration 1: configure VPN settings for the NGFW Engines
Follow these steps for each NGFW Engine that is used as a VPN gateway.
 For more details about the product and how to configure features, click Help or
            press F1.
Steps
Next steps
Engine Editor > VPN > Endpoints
Use this branch to change the endpoint settings that are used when the NGFW Engine acts as a VPN gateway.
| Option | Definition | 
|---|---|
| Enabled | When selected, the endpoint IP address is active. | 
| Name | Shows the name of the endpoint. If the endpoint does not have a descriptive name, the IP address of the endpoint is shown. | 
| IP Address | Shows the IP address of the endpoint. | 
| Connection Type | Defines how the endpoint is used in a Multi-Link configuration. | 
| Options | Shows the optional settings that have been selected for the endpoint. | 
| Phase-1 ID | Shows the value of the phase-1 ID that identifies the gateway during the IKE phase-1 negotiations. | 
| VPN Type | Shows the types of VPNs that the endpoint can be used in. | 
| Edit | Allows you to change the properties of the selected endpoint. | 
Endpoint Properties dialog box
Use this dialog box to define the properties of internal endpoints.
| Option | Definition | 
|---|---|
| Name | The name of the endpoint. If no name is entered, the IP address is used. | 
| IP Address | The IP address of the endpoint. | 
| Dynamic | Automatically selected if the endpoint has a dynamic IP address. | 
| Connection Type | Defines how the endpoint is used in a Multi-Link configuration. | 
| NAT-T | Detects when an IPsec VPN tunnel goes through a NAT device. If NAT is detected, the VPN automatically uses UDP port 4500 for IKE negotiation messages, and encapsulates ESP packets in UDP packets that use port 4500. 
 | 
| Contact Addresses section | This section cannot be edited. The contact addresses for endpoints are defined in the Interface properties. | 
| Default | Used by default whenever a component that belongs to another Location connects to this interface. | 
| Dynamic | Used when the endpoint has a dynamic IP address. Note: Dynamic contact addresses are not supported on SSID Interfaces.  | 
| Exceptions | Opens the Exceptions dialog box. | 
| Phase-1 ID section | |
| ID Type | Identifies the Gateways during the IKE phase-1 negotiations. 
 | 
| Exceptions | Allows you to create VPN-specific exceptions if the endpoint must use different Phase-1 ID settings in individual policy-based VPNs. | 
| ID Value | Specifies the details of the ID Type. | 
| VPN Type section | |
| All types | Restricts the types of VPNs that the endpoint can be used in. | 
| Selected types only | Select one or more options. 
 Note:  The endpoint must have an IPv4 address if you want to use it in SSL VPN tunnels or to access the SSL VPN Portal.  | 
VPN Site Properties dialog box
Use this dialog box to view or edit the properties a VPN site.
| Option | Definition | 
|---|---|
| General tab | |
| Name | The name of the element. | 
| Comment | An optional comment for your own reference. | 
| Search | Opens a search field for the selected element list. | 
| Up (Backspace) | Returns to the previous folder. | 
| New | This option is not available in this dialog box. | 
| Tools | 
 | 
| VPN References tab | |
| VPN | Shows the VPNs where this site is used. | 
| Enable | When selected, the site is enabled in the specified VPN. | 
| Mode | Defines the mode for the Site for each VPN in which it is enabled. 
 |