The Auto-Link VPN scenario
Guru Member
Scenario:
When establishing a VPN with a third-party gateway (Such like Check Point or Fortigate), you need to use auto-link VPN (previously called non-nebula VPN).
In fact, after completing the connection by following the default profile, the Phase 2 Local Policy will only set the first subnet, which may cause traffic from other subnets to be blocked.
For example:
In this case, Local Policy will only set to "192.168.1.0/24"
But you may have requirements for other subnet traffic like 192.168.3.0/24.
Answer:
We recommend using a route-based VPN on Nebula.
1)Please modify IPSec Policy "Custom"
And give the VPN tunnel interface
In this case, Local Policy will be "0.0.0.0/0". Firewall would allow other subnets into Tunnel after you completed the next routing setup.
2)Click Routing, and set the correct Policy Route.
For example:
Source Address: 192.168.3.0/24
Destination Address: Peer Subnet
Next-hop: VPN profile
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 193 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 473 USG FLEX H Series
- 311 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 282 Service & License
- 445 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight