VPN Topology Best Practices

VPN Topology centralizes and simplifies the configuration of VPN settings and policies across a group of firewalls through a wizard-based, step-by-step setup process.

Follow these recommendations to ensure smooth VPN topology configuration and avoid disruptions during deployment and operation:

• Synchronize the firewalls in NSM/Firewall Management before configuring the VPN topology if the firewall status is Out of Sync on the Inventory page. Synchronize firewalls according to Synchronizing Firewall Configuration with Firewall Management.
• Avoid changing VPN topology settings or security association proposal settings during operational hours, as these changes interrupt active VPN tunnels.
• Avoid changing VPN tunnel settings from the firewall UI after applying the VPN topology. Make all the changes through NSM/Firewall Management, as the firewall does not sync firewall UI-based VPN changes with the VPN topology in NSM/Firewall Management. This makes future updates from NSM/Firewall Management difficult.