Create External VPN Gateway elements

In the Management Client, create two External VPN Gateway elements to represent the cloud end of each connection.

The connections are used in an active-active configuration.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to VPN Gateways.
  3. Create an External VPN Gateway element to represent the cloud end of the first VPN tunnel.
    1. Select New > External VPN Gateway.
    2. In the Name field, enter a descriptive name.
      Example: Private Access Tunnel 1
      Note: Do not close the External VPN Gateway Properties dialog box.
  4. Configure endpoints for the first external VPN gateway.
    1. On the Endpoints tab, click Add.
    2. Configure the following settings:
      • Name — (Optional) Enter a descriptive name, such as the same name that you provided for this connection in the Private Access management portal.
      • IP Address — Enter the value of the Tunnel destination IP address for the first tunnel from the Private Access management portal.
      • Connection Type — Select Active.
      • NAT-T — Select Enabled.
      • Phase-1 ID — From the ID Type drop-down list, select DNS Name. In the ID Value field, enter the value of the Forcepoint IKE ID from the Private Access management portal.
    3. Click OK.
    4. In the Enabled column, select the checkbox for the endpoint.
      Note: Do not close the External VPN Gateway Properties dialog box.
  5. Configure a site for the first external VPN gateway.
    1. On the Sites tab, browse to Hosts in the left pane.
    2. Select the Host element that represents the NAT IP address of the first tunnel, then click Add.
    3. Click OK.
    The configuration of the first external VPN gateway is complete.
  6. Create an External VPN Gateway element to represent the cloud end of the second VPN tunnel.
    1. Select New > External VPN Gateway.
    2. In the Name field, enter a descriptive name.
      Example: Private Access Tunnel 2
      Note: Do not close the External VPN Gateway Properties dialog box.
  7. Configure endpoints for the second external VPN gateway.
    1. On the Endpoints tab, click Add.
    2. Configure the following settings:
      • Name — (Optional) Enter a descriptive name, such as the same name that you provided for this connection in the Private Access management portal.
      • IP Address — Enter the value of the Tunnel destination IP address for the second tunnel from the Private Access management portal.
      • Connection Type — Select Active.
      • NAT-T — Select Enabled.
      • Phase-1 ID — From the ID Type drop-down list, select DNS Name. In the ID Value field, enter the value of the Forcepoint IKE ID from the Private Access management portal.
    3. Click OK.
    4. In the Enabled column, select the checkbox for the endpoint.
      Note: Do not close the External VPN Gateway Properties dialog box.
  8. Configure a site for the second external VPN gateway.
    1. On the Sites tab, browse to Hosts in the left pane.
    2. Select the Host element that represents the NAT IP address of the second tunnel, then click Add.
    3. Click OK.
    The configuration of the second external VPN gateway is complete.

Next steps

Configure the endpoint and sites for the NGFW Engine in the Management Client.