Jhonny Lv1 Posted 16 Nov 2023 09:32

Can you teach me how to set up a site-to-site VPN on my NGAF? The Headquarters and Branch configuration.

ArsalanAli has solved this question and earned 20 coins.


Follow these simple steps. (Sangfor VPN Creation) (This process has to be done on both firewalls.)

1. Configure the interface with Live IP "Must Check WAN"
2. Go to Network > IPSecVPN > Basic Setting and select WAN Interfaces, and your local Networks in VPN subnet.
3. Local User > add a user of another site
4. VPN Connection > Add "Set the names and Passwords"

Stepwise screenshots are also attached.
Newbie517762 Lv4 Posted 16 Nov 2023 10:22
Hi there,

There are many articles in this community. Please find them below for your reference:
SassyScorpio Lv2 Posted 21 Nov 2023 18:00
Setting up a site-to-site VPN involves a series of steps, and it's specific to your network infrastructure. NGAF (Next-Generation Adaptive Firewall) devices might have their own interface and protocols for VPN setup. Typically, for a site-to-site VPN between HQ and branches:

1. Identify VPN Parameters: Note down HQ and branch network details, like IP addresses, encryption methods, authentication protocols, etc.

2. Access NGAF Interface: Log in to the NGAF device's management interface. This could be a web-based GUI or a command-line interface.

3. Configure VPN Settings: Look for VPN or tunneling settings in the NGAF interface. You'll need to specify settings like tunnel endpoints (HQ and branch IPs), encryption algorithms, shared keys, etc.

4. Establish Connection: Once settings are configured, initiate the connection from both ends. Monitor logs or status indicators to ensure the VPN connection is established successfully.

5. Test Connectivity: Verify if devices from HQ can communicate with devices at the branches and vice versa. Troubleshoot any connectivity issues if they arise.

As NGAF devices might have their own interface and specifics for VPN setup, it's crucial to refer to the device's documentation or vendor-provided guides for detailed step-by-step instructions tailored to your specific NGAF model and firmware version.
mdamores Lv2 Posted 22 Nov 2023 10:28
Setting up a site-to-site VPN on an NGAF involves configurations on the firewall to establish a secure connection between 2 or more sites. The steps may vary depending on the model and software version, but you may refer to the steps below:

1. You need to get the IP addresses of both sites: public IP addresses (if applicable) and/or local network subnets for each site.
2. Access the NGAF's IP address through a web browser.
3. Locate the VPN configuration section, usually under a "VPN" or "network" section depending on the model and version.
4. Create a VPN tunnel:
   - Define which site will do the VPN connection initiation and specify the responder's IP address or hostname.
   - Choose the authentication method (PSK or certificates) and enter the PSK or configure the certificate settings.
   - Configure Phase 1 and Phase 2 settings, including the encryption, hash algorithms, and lifetimes. They should match on both ends.
   - Specify the involved local and remote networks in the VPN.
5. Make sure that routing is properly configured to direct traffic through the VPN tunnel.
6. Create firewall rules to allow traffic between the local and remote networks through the VPN tunnel.
7. Test and commission the connectivity between local and remote devices.
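
The requirement in the post above that Phase 1/Phase 2 settings and the local/remote networks agree on both ends, as an added example that is not part of the original post and not Sangfor tooling: a Python check over two site definitions written down by hand before they are entered in each firewall. The dictionary layout, field names, algorithm labels and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation/private ranges); not from any real device.
HQ = {
    "wan_ip": "203.0.113.10", "peer_ip": "198.51.100.20", "psk": "example-psk-1",
    "phase1": {"encryption": "aes256", "hash": "sha256", "dh_group": 14, "lifetime": 28800},
    "phase2": {"encryption": "aes256", "hash": "sha256", "lifetime": 3600},
    "local_nets": ["10.10.0.0/16"], "remote_nets": ["10.20.0.0/24"],
}
BRANCH = {
    "wan_ip": "198.51.100.20", "peer_ip": "203.0.113.10", "psk": "example-psk-1",
    "phase1": {"encryption": "aes256", "hash": "sha256", "dh_group": 14, "lifetime": 28800},
    "phase2": {"encryption": "aes128", "hash": "sha256", "lifetime": 3600},  # deliberate mismatch
    "local_nets": ["10.20.0.0/24"], "remote_nets": ["10.10.0.0/16"],
}

def _nets(values):
    # strict=True rejects entries with host bits set, e.g. 10.10.0.1/16.
    return {ipaddress.ip_network(v, strict=True) for v in values}

def check_pair(a, b):
    """Return a list of human-readable mismatches between two site definitions."""
    problems = []
    # Each side must name the other's WAN address as its peer.
    if a["peer_ip"] != b["wan_ip"] or b["peer_ip"] != a["wan_ip"]:
        problems.append("peer/WAN addresses are not mirrored")
    # Report only that the keys differ; never echo key material into output.
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)} != {b[phase].get(key)}")
    # Local networks on one side must be the remote networks on the other.
    if _nets(a["local_nets"]) != _nets(b["remote_nets"]):
        problems.append("side A local networks != side B remote networks")
    if _nets(b["local_nets"]) != _nets(a["remote_nets"]):
        problems.append("side B local networks != side A remote networks")
    # Overlapping address space at the two sites cannot be routed through the tunnel.
    for x in _nets(a["local_nets"]):
        for y in _nets(b["local_nets"]):
            if x.overlaps(y):
                problems.append(f"local networks overlap: {x} and {y}")
    return problems

if __name__ == "__main__":
    for line in check_pair(HQ, BRANCH) or ["no mismatches found"]:
        print(line)
```
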
Farina Ahmed Lv5 Posted 22 Nov 2023 14:26
Setting up a site-to-site VPN (Virtual Private Network) involves configuring your Next-Generation Firewall (NGAF) to establish a secure connection between the headquarters and branch locations. Begin by accessing the NGAF interface and navigating to the VPN settings. Define the VPN tunnel parameters such as encryption algorithms, authentication methods, and tunnel endpoints for both sites. Assign unique identifiers for easy recognition, set up IP address ranges or subnets for each site, and establish appropriate routing rules to direct traffic through the VPN tunnel. Ensure that firewall rules permit VPN traffic between the sites, and thoroughly test the connection to verify its functionality. Remember, specifics might vary based on your NGAF version or interface, so work accordingly by viewing documentation.
isabelita Lv3 Posted 23 Nov 2023 12:19
Below is a general guide for setting up a site-to-site VPN on Sangfor NGAF. Please refer to the official documentation or seek assistance from Sangfor support for the most accurate and updated information based on your NGAF version.

- Access to Sangfor NGAF web interface.
- Knowledge of the IP addresses and network configurations of the HQ and branch offices.

Site-to-Site VPN Configuration Steps:

Step 1: Log in to Sangfor NGAF Web Interface
Open a web browser and enter the IP address or hostname of your Sangfor NGAF device. Log in with the appropriate credentials.

Step 2: Navigate to VPN Configuration
Navigate to the VPN configuration section. This may be located under a "VPN" or "Security" menu. Specific menu names might vary based on the NGAF version.

Step 3: Create VPN Policy

HQ Configuration:
- Create a new VPN policy for the HQ. Specify the local and remote IP addresses, encryption settings, and authentication details.
- Define the local and remote networks that will be part of the VPN.
- Set the IKE (Internet Key Exchange) parameters, such as the encryption algorithm and pre-shared key.

Branch Configuration:
- Repeat the process for the branch office, ensuring that the local and remote details are appropriately configured.
- Use the same pre-shared key as configured on the HQ side.
- Specify the local and remote networks.
RobertonY Lv2 Posted 23 Nov 2023 12:19
Branch Configuration:
- Repeat the process for the branch office, ensuring consistency with the HQ configuration.

Step 5: Apply and Activate the VPN Configuration
- Apply the VPN configuration on both the HQ and branch offices.
- Activate the VPN to establish the secure connection between the two sites.

Step 6: Verify the Connection
- Check the VPN status to ensure that the connection is established.
- Verify network connectivity between the HQ and branch offices.
Racoon Lv2 Posted 23 Nov 2023 12:19
Ensure that the firewall rules on both ends allow traffic between the VPN networks.
Periodically review and update VPN configurations for security and compliance.
Remember to consult the official Sangfor NGAF documentation for detailed and version-specific instructions. If you encounter any issues or have specific questions, it's advisable to contact Sangfor support for assistance.
Rica Cortez Lv2 Posted 23 Nov 2023 13:06
Creating a secure connection between the main office and branch sites requires setting your Next-Generation Firewall (NGAF) for a site-to-site VPN (Virtual Private Network). Start by going to the VPN settings using the NGAF interface. Establish the VPN tunnel's specifications, including the authentication techniques, encryption algorithms, and tunnel endpoints for each site. Assign distinct identities to facilitate identification, configure IP address ranges or subnets for every location, and provide the necessary routing rules to guide traffic across the VPN tunnel. Make sure the firewall rules allow VPN traffic to flow between the sites, and make sure the connection is working properly by giving it a full test. Keep in mind that details may change depending on your NGAF version or interface, so consult the manual carefully.
LucyHeart Lv3 Posted 23 Nov 2023 13:08
1. Obtaining the IP addresses of both websites is necessary. For every site, public IP addresses and/or local network subnets, if applicable.
2. Use a web browser to find the IP address of the NGAF.
3. Find the section on VPN setup. Typically, depending on the model and version, under the "network" or "VPN" area.
4. Establish a VPN tunnel.
   - Indicate which website will initiate the VPN connection and provide the IP address or hostname of the respondent.
   - Select the authentication technique (certificates or PSK) and set up the certificate settings or input the PSK.
