Edit the Web Security Cloud VPN

To enable VPN connectivity between NGFW Engines and Forcepoint Web Security Cloud, use the SMC Management Client to add the VPN gateways that represent your NGFW Engines to the imported Web Security Cloud VPN.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Policy-Based VPNs.
  3. Right-click the Web Security Cloud VPN element, then select Edit.
  4. On the Site-to-Site VPN tab, right-click the Web Security Cloud VPN Gateway element, then select Properties.


  5. On the Endpoints tab, select the external endpoints that correspond to the primary and secondary data centers that you configured in the cloud Security Portal, then click OK.
    If you do not see the data center that you want to use, see the list of data centers and their IP addresses in Knowledge Base article 16108.
  6. Drag and drop the VPN Gateway element that represents your NGFW Engine from the Resources pane to the Satellite Gateways pane.
  7. On the Tunnels tab, right-click the Key column for the VPN tunnel, then select Edit Key.


  8. Replace the pre-shared key with the key that you used in the cloud Security Portal, then click OK.
  9. Right-click the Mode column of the tunnel that connects to your secondary data center, then set the mode to Standby.


    If the primary data center is not available, the secondary data center is automatically used.
  10. If you have more than one endpoint configured on the NGFW Engine, select all the other tunnels that are available, right-click, then select Disable.


  11. Verify that you have one active tunnel and one standby tunnel only.


  12. Click Save.