# Configuration Guide# How to Configure IPSec VPN with Sanfor and a 3rd Party Firewall

# Configuration Guide# How to Configure IPSec VPN with Sangfor and a 3rdParty Firewall

*Product: NGAF
*1. Introduction
1.1 Scenario
Configure an IPSec VPN on the NGAF. The other end is a 3rdParty Security Appliance (Firewall). Their respective Local LAN should have aconnection.
1.       Sangfor NGAF:
Local IP:
2.      3rd Party Firewall
Local IP:


1.2 Requirements
1. Assume that the 3rd PartyFirewall has already set and has connection to the internet.
2. Endpoints on the NGAF side must have routeto the NGAF and can access the internet also.

*2. Configuration Guide
2.1 NGAF Configuration

Step 1.Configure the interface, zone and attributes:
Go to Network> Interfaces

* Set the IP Adress to Static
* Input as pictured atthe topology

Step 2: Configure the VPN Path, go to Network> IPSec VPN > Basic Settings.


* Set the IP Address of the3rd Party Firewall

Step:3 Configure connections between Local Peers
Go to Network > Third-Party Connection > Add New Connection

·       LocalIP Address: Input the intranet network segment of thelocal device
·       PeerIP Address: Input the intranet network segment ofthe peer device

Step 4: IKE Options


Step 5: Other Options


Step 6: After successfully configuration, we can verify the status of the tunnel in the IPSec VPN > Status

*3. Precaution
1. Dynamic IP needsto apply for a domain name.

