Network Security Manager 4.0 On-Premises Administration Guide

Adding a Hub and Spoke

To add a hub and spoke:

  1. Select a device that is part of a group from the Choose Devices drop-down menu. You can also search for the device or group in the list by typing the name in the input field.

  2. Enter the Hub details.

    WAN Interface

    Select a WAN Interface from the existing list or add a new Custom Interface.

    Primary WAN IP

    Enter the primary gateway in the field.

    Secondary WAN IP

    Enter the secondary gateway in the field.

    Local IKE ID Criteria

    Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, or Email Address.

    IKE ID

    This field is auto-populated when Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

    Enter the IKE ID if any other option is selected.

    Protected Network/Local Network

    Select a network that participates in the VPN connection from the hub side.

    Select an Address Object or Address Group (default or custom) from the drop-down menu. If the list is empty, you can create a new custom address object and group. Click the Edit icon to add or edit Address Object and Group.

    If you are creating an Address Object while configuring a Hub, the Zone Assignment drop-down menu displays the Default and Custom zones of the selected device.

  3. Click the caret icon next to the ADD SPOKE details.

  4. Select devices from the Choose devices drop-down menu and click Apply. You can also search for the devices or groups in the list by typing the name in the input field. The devices that are selected are displayed in a list.

    You can select multiple devices.

    Hub and Spokes should not have overlapping IP Addresses in any of the fields.

  5. Select the Configuration Type to be used.

    After selecting the Configuration Type and creating a topology, the configuration type cannot be modified.

    Common Configuration: Select this option to apply a common configuration to multiple devices.

    1. Enter the configuration details.

      WAN Interface

      Select a WAN Interface from the existing list or add a new Custom Interface.

      Local IKE ID Criteria

      Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.

      IKE ID

      This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

      Enter the IKE ID if any other option is selected.

      Protected Network/Local Network

      Select an Address Object or Address Group (default or custom) from the drop-down menu. If the list is empty, you can create a new custom address object and group.

      If you are creating an Address Object while configuring a Spoke with the Common Configuration option, the Zone Assignment drop-down menu displays only the common Default and Custom zones of the selected devices.

      Select an Existing Address Object or Address Group:

      1. Choose the Existing Address Object/Group option.

      2. Select Device from the drop-down menu.

        • You can select only one device.
        • The Select Source Address/Network drop-down menu lists the Address Objects and Address Groups associated with the selected device.

      3. Select the Address Object or Address Group that you want to apply as a common configuration across all selected devices.

      Create a New Address Object:

      1. Choose the Create New Address Object/Group option.

      2. Click the Edit icon and select New Address Object.

        The Zone Assignment drop-down menu displays only the common Default and Custom zones of the selected devices.

      3. Enter the Address Object details and click Save. For more information, refer to Adding Address Objects.

      Create a New Address Group:

      1. Choose the Create New Address Object/Group option.

      2. Click the Edit icon and select New Address Group.

      3. Enter Address Group details and click Save. For more information, refer to Adding Address Groups.

    2. Click Accept For All for Common Configuration.

      Make sure that all the required fields are filled before clicking Accept For All.

    Per Spoke: Select this option to apply a configuration to a specific device.

    The devices that are selected are displayed in a list. You can also search for the devices or groups in the list by typing the name in the input field.

    1. Click the Edit icon in the ACTION column of the selected device.

    2. Enter the configuration details.

      WAN Interface

      Select a WAN Interface from the existing list or add a new Custom Interface.

      Local IKE ID Criteria

      Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.

      IKE ID

      This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

      Enter the IKE ID if any other option is selected.

      Protected Network/Local Network

      Select an Address Object or Address Group (default or custom) from the drop-down menu. If the list is empty, you can create a new custom address object and group. Click the Edit icon to add or edit Address Object and Group.

      If you are creating an Address Object while configuring a Spoke with the Common Configuration option, the Zone Assignment drop-down menu displays the Default and Custom zones of the selected device.

    3. Click Save.

      Save is enabled only when all the fields are filled.

    4. Repeat the Per Spoke configuration for all selected devices.
  6. Click Next.

    Sections with incomplete fields are marked as Need input. When all required fields are completed and accepted (if applicable), the section is marked as Configured, and Next becomes available.
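
The note in step 4 says that Hub and Spokes should not have overlapping IP addresses in any of the fields. The following pre-check is an added example, not part of the product or of this guide: it compares planned values across devices before you enter them in the wizard. It assumes you have already resolved each Address Object or Address Group to its addresses or CIDR ranges, it checks every pair of devices (spoke against spoke as well as hub against spoke), and the device names and address values are constructed samples.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not real devices). Keys under each device mirror
# the field names used in the wizard; values are addresses or CIDR ranges.
TOPOLOGY = {
    "hub-hq": {
        "Primary WAN IP": ["203.0.113.1"],
        "Secondary WAN IP": ["203.0.113.129"],
        "Protected Network": ["10.0.0.0/16"],
    },
    "spoke-branch1": {"Protected Network": ["10.1.0.0/24"]},
    # 10.0.5.0/24 sits inside the hub's 10.0.0.0/16
    "spoke-branch2": {"Protected Network": ["10.0.5.0/24", "192.168.10.0/24"]},
    # 203.0.113.0/25 contains the hub's Primary WAN IP
    "spoke-branch3": {"Protected Network": ["203.0.113.0/25"]},
}


def flatten(topology):
    """Yield (device, field, network) for every value in the plan.

    strict=False lets a bare host address become a /32 (or /128) network
    and tolerates host bits in a CIDR such as 10.1.0.7/24.
    """
    for device, fields in topology.items():
        for field, values in fields.items():
            for value in values:
                yield device, field, ipaddress.ip_network(value, strict=False)


def find_overlaps(topology):
    """Return one tuple per pair of fields on different devices that overlap."""
    conflicts = []
    for a, b in combinations(list(flatten(topology)), 2):
        (dev_a, fld_a, net_a), (dev_b, fld_b, net_b) = a, b
        if dev_a == dev_b:
            continue  # fields on the same device are not compared
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((dev_a, fld_a, str(net_a), dev_b, fld_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    for c in find_overlaps(TOPOLOGY):
        print("{} [{}] {} overlaps {} [{}] {}".format(*c))
```
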