January 2015
SANGFOR Technologies Co., Ltd.
International Service Centre: +60 12711 7129 (7511)
Malaysia: 1700817071
Email: tech.support@sangfor.com.hk
RMA: rma@sangfor.com.hk
Declaration
Introduction/Problem Background
A virtual private network (VPN) extends a private network across a public network,
such as the Internet. It enables a computer or network-enabled device to send and receive
data across shared or public networks as if it were directly connected to the private
network, while benefiting from the functionality, security and management policies of the
private network. A VPN is created by establishing a virtual point-to-point connection
through the use of dedicated connections, virtual tunneling protocols, or traffic
encryption. Sangfor NGFW offers 2 types of VPN connections: SangforVPN and
IPSecVPN. The next section discusses a few scenarios and the configuration steps needed
to achieve the requirement.
Objectives
1. Understand and grasp Sangfor VPN and IPSecVPN configuration steps.
2. Understand the Sangfor NGFW VPN module.
There are two Sangfor NGFW units at the customer site, one located in HQ and the other
located in the branch office, and the customer requirement is to build a VPN tunnel between
HQ and branch. The steps below show how to build the VPN tunnel using Sangfor VPN:
a) Configure the VPN internal and external interfaces on both the HQ and branch NGFW, and
ensure the external interface of the HQ NGFW is able to connect to the external interface of
the branch NGFW.
b) Configure the webagent under basic configuration. If the webagent is an IP address and port
number, configure it on the HQ NGFW only; if the URL method is used for the
webagent, both the HQ NGFW and the branch NGFW need to be configured with the
webagent.
The network environment consists of one Sangfor NGFW and a user PC. The user wants to
connect his PC to the HQ NGFW and access the internal resources through a VPN
tunnel. The configuration steps show how to build a VPN tunnel between the client PC (via
PDLAN software) and the HQ NGFW using Sangfor VPN:
a) Configure the VPN internal and external interfaces on the HQ NGFW, and ensure the PDLAN device
is able to connect to the external interface of the HQ NGFW.
b) Create and add a VPN user, select mobile as the user type, and configure a virtual IP pool on
the NGFW.
This scenario shows the configuration steps when we use Sangfor NGFW to build an IPSec
VPN tunnel with another device.
a) Phase 1: Insert the remote device IP address and pre-shared key, and select the connection
mode.
FAQ
1. What is the difference between Main mode and Aggressive mode in IPSec VPN?