Centralized Firewall Management Administration Guide

Technical Documentation>  VPN Topology>  IPSec VPN Topology>  Topologies>  Adding a VPN Topology>  Adding Devices (For Full Mesh Topology)
Table of Contents

Adding Devices (For Full Mesh Topology)

To add devices

  1. Select devices that are part of a group from the Choose devices drop-down menu. You can also search for the devices or groups in the list by typing the name in the input field.

  2. Select the Configuration Type to be used.

    After selecting the Configuration Type and creating a topology, the configuration type cannot be modified.

    Common Configuration: Select this option to apply a common configuration to multiple devices.

    1. Enter the configuration details.

      WAN Interface Select a WAN Interface from the existing list or add a new Custom Interface.
      Primary WAN IP

      Enter the primary gateway in the field.

      You can add an existing variable object or create a new one in common configuration.

      Click the Variable icon to select an existing variable object or create a new one.
      Secondary WAN IP

      Enter the secondary gateway in the field.

      You can add an existing variable object or create a new one in common configuration.

      Click the Variable icon to select an existing variable object or create a new one.
      Local IKE ID Criteria

      Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
      IKE ID

      This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

      Enter the IKE ID if any other option is selected.
      Protected Network/Local Network

      Select an Address Object or Address Group (default or custom) from the drop-down menu. If the list is empty, you can create a new custom address object and group.

      If you are creating an Address Object while configuring a Spoke with the Common Configuration option, the Zone Assignment drop-down menu displays only the common Default and Custom zones of the selected devices.

      Select an Existing Address Object or Address Group:

      1. Choose Existing Address Object/Group option.

      2. Select Device from the drop-down menu

         

        • You can select only one device.
        • The Select Source Address/Network drop-down menu lists the Address Objects and Address Groups associated with the selected device.

      3. Select the Address Object or Address Group that you want to apply as a common configuration across all selected devices.

      Create a New Address Object:

      1. Choose Create New Address Object/Group option.

      2. Click the Edit icon and select New Address Object.

        The Zone Assignment drop-down menu displays only the common Default and Custom zones of the selected devices.

      3. Enter the Address Object details and click Save. For more information, refer to Adding Address Objects.

      Create a New Address Group:

      1. Choose Create New Address Object/Group option.

      2. Click the Edit icon and select New Address Group.

      3. Enter Address Group details and click Save. For more information, refer to Adding Address Groups.

    2. Click Accept For All for Common Configuration.

      Make sure that all the required fields are filled before clicking Accept For All

    Per Device: Select this option to apply a configuration to a specific device.

    The devices that are selected are displayed in a list. You can also search for the devices or groups in the list by typing the name in the input field.

    1. Click the Edit icon in the ACTION column of the selected device.

    2. Enter the configuration details.

      WAN Interface Select a WAN Interface from the existing list or add a new Custom Interface.
      Primary WAN IP

      Enter the primary gateway in the field.

      You can add an existing variable object or create a new one in common configuration.

      Click the Variable icon to select an existing variable object or create a new one.
      Secondary WAN IP

      Enter the secondary gateway in the field.

      You can add an existing variable object or create a new one in common configuration.

      Click the Variable icon to select an existing variable object or create a new one.
      Local IKE ID Criteria

      Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
      IKE ID

      This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

      Enter the IKE ID if any other option is selected.
      Protected Network/Local Network

      Select an Address Object or Address Group (default or custom) from the drop-down menu. If the list is empty, you can create a new custom address object and group. Click the Edit icon to add or edit Address Object and Group.

      If you are creating an Address Object while configuring a Spoke with the Common Configuration option, the Zone Assignment drop-down menu displays the Default and Custom zones of the selected device.

    3. Click Save.

      Save is enabled only when all the fields are filled.

    4. Repeat the Per Device configuration for all selected devices.

  3. Click Next.

    Sections with incomplete fields are marked as Need input. When all required fields are completed and accepted (if applicable), the section is marked as Configured, and Next becomes available.

Chat