soneosansan Lv3Posted 23 Nov 2023 13:11
  
To create a branch user, select "branch user" when creating a new user.


Establish the Phase 1 setup of the IPSec VPN, which entails setting the mode, exchanging pre-shared keys, validating ID, DPD, and NAT T.


Configure the VPN interface by choosing "IPSec VPN" as the interface type when you add a VPN interface. If the LAN interface is not already in the VPN interface, add it and enable the VPN service.



Establish the VPN connection by choosing "third-party connection" and adding a fresh one. Input the device name, peer IP address, and pre-shared key authentication method. Choose the local line, which ought to match the interface's outgoing line, and enter the shared key.
ArsalanAli Lv3Posted 23 Nov 2023 16:08
  
Follow these Simple Steps. (Sangfor VPN Creation) (This process has to be done on both Firewall)

1.Configure the interface with Live IP "Must Check WAN"
2.Go to Network > IPSecVPN  > Basic Setting and Select Wan Interfaces, and your local Networks in VPN subnet.
3.Local User > add a user of another site
4.VPN Connection > Add "Set the names and Passwords"
Screenshots step wise are also attached

1.png (17.66 KB, Downloads: 403)

1.png

2.png (30.08 KB, Downloads: 393)

2.png

3.png (34.69 KB, Downloads: 390)

3.png

4.png (32.32 KB, Downloads: 394)

4.png
jerome_itable Lv3Posted 24 Nov 2023 09:20
  
Here are the steps for both the Headquarters and Branch configurations:

Headquarters Configuration

    Enable VPN Service: Go to Network > IPSec VPN > Status and click Enable VPN Service.

    Add VPN Paths: Go to Basic Settings > VPN Paths > Add. Select the WAN interface you want to use for VPN and specify the public IP address that will be used for VPN (changing the ISP name has no effect).

    Add Third-Party Connection: Go to Third-Party Connection to use for IPSec VPN and click Add Connection. You will need to fill in the following information:
        VPN Connection Name: Enter a name for the VPN connection.
        Peer IP Address: Enter the public IP address of the Branch NGAF.
        Authentication Method: Select Pre-Shared Key.
        Shared Key: Enter a shared key that will be used for authentication.
        Local Line: Select the local line that is the same as the outgoing line of one interface.
        Enable Aggressive Mode: Select this option if you want to use aggressive mode for the VPN connection. Aggressive mode can improve performance, but it is less secure than main mode.

    Save the configuration: Click Save to save the configuration.

Branch Configuration

    Enable VPN Service: Go to Network > IPSec VPN > Status and click Enable VPN Service.

    Add VPN Paths: Go to Basic Settings > VPN Paths > Add. Select the WAN interface you want to use for VPN and specify the public IP address that will be used for VPN (changing the ISP name has no effect).

    Add Third-Party Connection: Go to Third-Party Connection to use for IPSec VPN and click Add Connection. You will need to fill in the following information:
        VPN Connection Name: Enter a name for the VPN connection.
        Peer IP Address: Enter the public IP address of the Headquarters NGAF.
        Authentication Method: Select Pre-Shared Key.
        Shared Key: Enter the shared key that was used for authentication in the Headquarters configuration.
        Local Line: Select the local line that is the same as the outgoing line of one interface.
        Enable Aggressive Mode: Select this option if you want to use aggressive mode for the VPN connection. Aggressive mode can improve performance, but it is less secure than main mode.

    Save the configuration: Click Save to save the configuration.

Testing the VPN Connection

    Go to Network > IPSec VPN > Status.

    Click on the VPN connection that you created.

    The VPN connection status should be Established.

You can now test the VPN connection by trying to access resources on the other network.

Additional Notes

    You may need to configure firewall rules on both the Headquarters and Branch NGAFs to allow VPN traffic.

    If you are using dynamic IP addresses, you will need to use a dynamic DNS service to keep the public IP addresses of the Headquarters and Branch NGAFs up to date.

    If you are using aggressive mode, you may need to increase the MTU on the WAN interfaces of the Headquarters and Branch NGAFs to 1458.

I hope this helps!
MTR Lv2Posted 26 Nov 2023 19:07
  
To set up a site-to-site VPN on your NGAF (Next-Generation Application Firewall) for the Head Quarters and Branch configuration, you can follow these general steps:

Configure the NGAF devices: Set up the NGAF devices at both the Head Quarters and Branch locations. Ensure that they are properly connected to the network and have the necessary configurations in place.

Create VPN profiles: Access the NGAF management interface and navigate to the VPN settings. Create VPN profiles for the site-to-site connection. You may need to specify the encryption algorithms, authentication methods, and other parameters according to your network requirements.

Configure IPsec settings: IPsec (Internet Protocol Security) is commonly used for site-to-site VPN connections. Configure the IPsec settings on both the Head Quarters and Branch NGAF devices. This includes defining the IPsec policies, specifying the local and remote subnets, and configuring the security associations.

Establish the VPN tunnel: Once the VPN profiles and IPsec settings are configured, initiate the VPN tunnel between the Head Quarters and Branch NGAF devices. This will establish a secure connection between the two locations.

Test the connectivity: After the VPN tunnel is established, test the connectivity between the Head Quarters and Branch networks. Ensure that you can access resources on both sides of the VPN and that the communication is secure.

Please note that the specific steps and configurations may vary depending on the NGAF model and firmware version you are using. It is recommended to refer to the NGAF documentation

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders