Configure the endpoint and sites for the NGFW Engine

In the Management Client, configure the endpoint and sites for the NGFW Engine.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to SD-WAN.
  2. Browse to VPN Gateways.
  3. Right-click the VPN Gateway element that represents the NGFW Engine, then select Properties.
  4. Make sure that the external-facing interface of the NGFW Engine is enabled as the endpoint.
  5. Right-click the endpoint, then select Properties.
  6. From the NAT-T drop-down list, select Enabled.
  7. In the Phase-1 ID section, configure the settings to match the configuration in the Private Access management portal.
    1. In the Phase-1 ID settings, select an option from the ID Type drop-down list according to the ID type that is configured for the local edge device in the Private Access management portal.
      • If the ID type in the Private Access management portal is a fully qualified domain name (FQDN), select DNS Name.
      • If the ID type in the Private Access management portal is an IP address, select IP Address.
    2. In the ID Value field, enter the ID value that is configured as the IKE ID of the local edge device in the Private Access management portal.
      • DNS Name — Enter the FQDN of the local edge device.
      • IP Address — Enter the IP address of the local edge device.
    Note: If the VPN endpoint is used in other VPNs, you must configure VPN-specific phase-1 ID exceptions. See the Forcepoint Next Generation Firewall Product Guide for more information.
  8. Click OK to save your changes to the endpoint.
    Note: Do not close the Engine Editor.
  9. In the navigation pane on the left, browse to VPN > Sites.
  10. Select Networks, then select the internal network and click Add.
  11. Click Save to save the changes, then close the Engine Editor.
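
A phase-1 ID that differs between the two sides is the mistake step 7 guards against. The following check is an added example, not part of the product documentation: it derives the ID Type to select from the IKE ID configured in the Private Access management portal and compares it with the values entered on the endpoint. The function names and sample values are hypothetical, and the values are typed in by hand; no product API is used.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_ike_id(value):
    """Return (id_type, value) using the ID Type labels from step 7."""
    v = value.strip()
    try:
        # Canonical form, so equivalent IPv6 spellings compare equal.
        return "IP Address", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    labels = v.split(".")
    if (len(v) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "DNS Name", v
    raise ValueError(f"not an IP address or FQDN: {value!r}")

def check_phase1_id(portal_ike_id, ngfw_id_type, ngfw_id_value):
    """List the differences between the portal IKE ID and the endpoint settings."""
    want_type, want_value = classify_ike_id(portal_ike_id)
    problems = []
    if ngfw_id_type != want_type:
        problems.append(f"ID Type is {ngfw_id_type!r}, select {want_type!r}")
    try:
        _, have_value = classify_ike_id(ngfw_id_value)
    except ValueError as exc:
        return problems + [f"ID Value: {exc}"]
    if have_value == want_value:
        return problems
    # Assumption: a case-only difference is reported as well, because the
    # page says to enter the value exactly as configured in the portal.
    if have_value.lower() == want_value.lower():
        problems.append(f"ID Value differs only in case: {have_value!r}")
    else:
        problems.append(f"ID Value is {have_value!r}, portal has {want_value!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges and domain).
    samples = [
        ("edge1.example.com", "DNS Name", "edge1.example.com"),
        ("203.0.113.10", "DNS Name", "203.0.113.10"),
        ("2001:db8::1", "IP Address", "2001:0db8:0:0:0:0:0:1"),
    ]
    for portal_id, id_type, id_value in samples:
        print(portal_id, "->", check_phase1_id(portal_id, id_type, id_value) or "OK")
```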

Next steps

Configure a policy-based VPN.