These instructions explain how to configure a highly available IPsec VPN connection on a Forcepoint Next Generation Firewall (Forcepoint NGFW) for inbound private application traffic coming from Forcepoint Private Access.

In the Private Access management portal, look up the tunnel information and review the supported IKE and IPsec parameters.

In the Management Client, create a VPN Profile element for the VPN connection to Private Access.

In the Management Client, create Host elements to define the source IP addresses that are used for incoming private application traffic.

In the Management Client, create two External VPN Gateway elements to represent the cloud end of each connection.

In the Management Client, configure the endpoint and sites for the NGFW Engine.

In the Management Client, create a Policy-Based VPN element for each of the two tunnels, then define the topology and tunnel settings.

In the Management Client, add access rules to allow the traffic that you want to accept from both VPN tunnels. Review and modify the NAT rules if necessary.