This quick config shows the fastest way to get up and running with LSVPN. In this example, a single firewall at the corporate headquarters site is configured as both a portal and a gateway. Satellites can be quickly and easily deployed with minimal configuration for optimized scalability.
The following workflow shows the steps for setting up this basic configuration:
To enable visibility into users and groups connecting over the VPN, enable User-ID in the zone where the VPN tunnels terminate.
In this example, the Tunnel interface on the portal/gateway requires the following configuration:
Interface—tunnel.1
Security Zone—lsvpn-tun
Create the Security policy rule to enable traffic flow between the VPN zone where the tunnel terminates (lsvpn-tun) and the trust zone where the corporate applications reside (L3-Trust).
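
The tunnel, zone, User-ID and Security policy steps above can be checked against an exported configuration. The following is an added example, not part of the original page or vendor tooling: the function name audit_lsvpn is hypothetical, the XML is a constructed sample, and its element layout is an assumption modeled on a PAN-OS configuration export.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real export), trimmed to the elements the checks read.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="lsvpn-tun">
      <network><layer3><member>tunnel.1</member></layer3></network>
      <enable-user-identification>yes</enable-user-identification>
    </entry>
    <entry name="L3-Trust"><network><layer3/></network></entry>
  </zone>
  <rulebase><security><rules>
    <entry name="lsvpn-to-trust">
      <from><member>lsvpn-tun</member></from><to><member>L3-Trust</member></to>
      <action>allow</action>
    </entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit_lsvpn(xml_text, tunnel_if="tunnel.1", vpn_zone="lsvpn-tun", trust_zone="L3-Trust"):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    zone = root.find(f".//zone/entry[@name='{vpn_zone}']")
    if zone is None:
        return [f"zone {vpn_zone} is not defined"]
    findings = []
    members = [m.text for m in zone.findall("./network/layer3/member")]
    if tunnel_if not in members:
        findings.append(f"{tunnel_if} is not a member of zone {vpn_zone}")
    # Without User-ID on the tunnel zone, VPN users and groups are not visible.
    if zone.findtext("enable-user-identification", "no") != "yes":
        findings.append(f"User-ID is not enabled on zone {vpn_zone}")

    def members_of(rule, tag):
        return {m.text for m in rule.findall(f"./{tag}/member")}

    allowed = any(
        rule.findtext("action") == "allow"
        and rule.findtext("disabled", "no") != "yes"
        and members_of(rule, "from") & {vpn_zone, "any"}
        and members_of(rule, "to") & {trust_zone, "any"}
        for rule in root.findall(".//rulebase/security/rules/entry")
    )
    if not allowed:
        findings.append(f"no enabled allow Security rule from {vpn_zone} to {trust_zone}")
    return findings
```
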
, will be used to issue the server certificate for the portal/gateway. In addition, the portal will use this root CA certificate to sign the CSRs from the satellites.
Because the portal and gateway are on the same interface in this example, they can share an SSL/TLS Service profile that uses the same server certificate. In this example, the profile is named
a Satellite configuration and a Trusted Root CA and specify the CA the portal will use to issue certificates for the satellites. In this example, the required settings are as follows: