This quick config shows the fastest way to
get up and running with LSVPN. In this example, a single firewall
at the corporate headquarters site is configured as both a portal
and a gateway. Satellites can be quickly and easily deployed with
minimal configuration for optimized scalability.
The following workflow
shows the steps for setting up this basic configuration:
To enable visibility into users and
groups connecting over the VPN, enable User-ID in the zone where
the VPN tunnels terminate.
In this example, the Tunnel
interface on the portal/gateway requires the following configuration:
Interface—tunnel.1
Security Zone—lsvpn-tun
Create the Security policy rule to enable traffic flow
between the VPN zone where the tunnel terminates (lsvpn-tun) and
the trust zone where the corporate applications reside (L3-Trust).
Because the portal and gateway are on the same interface
in this example, they can share an SSL/TLS Service profile that
uses the same server certificate. In this example, the profile is
named lsvpnserver.
In this example, the certificate profile lsvpn-profile references
the root CA certificate lsvpn-CA. The gateway
will use this certificate profile to authenticate satellites attempting
to establish VPN tunnels.
On the Satellite tab in the portal
configuration, Add a Satellite configuration
and a Trusted Root CA and specify the CA the portal will use to
issue certificates for the satellites. In this example, the required
settings are as follows: