This quick config shows the fastest way to get up and running with LSVPN. In this example, a single firewall at the corporate headquarters site is configured as both a portal and a gateway. Satellites can be quickly and easily deployed with minimal configuration for optimized scalability.
The following workflow shows the steps for setting up this basic configuration:
To enable visibility into users and groups connecting over the VPN, enable User-ID in the zone where the VPN tunnels terminate.
In this example, the Tunnel interface on the portal/gateway requires the following configuration:
Interface—tunnel.1
Security Zone—lsvpn-tun
Create the Security policy rule to enable traffic flow between the VPN zone where the tunnel terminates (lsvpn-tun) and the trust zone where the corporate applications reside (L3-Trust).
Because the portal and gateway are on the same interface in this example, they can share an SSL/TLS Service profile that uses the same server certificate. In this example, the profile is named lsvpnserver.
In this example, the certificate profile lsvpn-profile references the root CA certificate lsvpn-CA. The gateway will use this certificate profile to authenticate satellites attempting to establish VPN tunnels.
Configure an authentication profile for the portal to use if the satellite serial number is not available.
On the Satellite tab in the portal configuration, Add a Satellite configuration and a Trusted Root CA and specify the CA the portal will use to issue certificates for the satellites. In this example, the required settings are as follows: