This quick configuration shows the fastest way to get up and running with LSVPN. In this example,
a single firewall at the corporate headquarters site is configured as both a portal
and a gateway. Satellites can be quickly and easily deployed with minimal
configuration for optimized scalability.
The following workflow
shows the steps for setting up this basic configuration:
To enable visibility into users and
groups connecting over the VPN, enable User-ID in the zone where
the VPN tunnels terminate.
In this example, the Tunnel interface on the portal/gateway requires the following configuration:
Interface—tunnel.1
Security Zone—lsvpn-tun
Create the Security policy rule to enable traffic flow
between the VPN zone where the tunnel terminates (lsvpn-tun) and
the trust zone where the corporate applications reside (L3-Trust).
,
will be used to issue the server certificate for the portal/gateway.
In addition, the portal will use this root CA certificate to sign
the CSRs from the satellites.
Because the portal and gateway are on the same interface
in this example, they can share an SSL/TLS Service profile that
uses the same server certificate. In this example, the profile is
named
a Satellite configuration and a Trusted root
CA and specify the CA the portal will use to issue certificates for the
satellites. In this example, the required settings are as follows: