
SANGFOR Technologies Co., Ltd.

International Service Centre: +60 12711 7129 (7511)


Malaysia: 1700817071
Email: tech.support@sangfor.com.hk
RMA: rma@sangfor.com.hk

Sangfor NGFW VPN Configuration

January 2015

Declaration

Copyright © SANGFOR Technologies Co., Ltd. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any
means without prior written consent of SANGFOR Technologies Co., Ltd.

SANGFOR, SINFOR and logo are the trademarks of SANGFOR Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the
property of their respective holders.
Every effort has been made in the preparation of this document to ensure accuracy of
the contents, but all statements, information, and recommendations in this document do
not constitute a warranty of any kind, express or implied.
The information in this document is subject to change without notice.
To obtain the latest version, contact the international service center of SANGFOR
Technologies Co., Ltd.

Introduction/Problem Background

A virtual private network (VPN) extends a private network across a public network,
such as the Internet. It enables a computer or network-enabled device to send and receive
data across shared or public networks as if it were directly connected to the private
network, while benefiting from the functionality, security and management policies of the
private network. A VPN is created by establishing a virtual point-to-point connection
through the use of dedicated connections, virtual tunneling protocols, or traffic
encryption. Sangfor NGFW offers two types of VPN connection: SangforVPN and
IPSecVPN. The next section describes a few scenarios and the configuration steps needed
to achieve each requirement.

Objectives
1. Understand the Sangfor VPN and IPSecVPN configuration steps.
2. Understand the Sangfor NGFW VPN module.

Scenario & Configuration Settings

1.1. Sangfor VPN configuration between Sangfor devices

There are two Sangfor NGFW units at the customer site, one located in HQ and the other
in a branch office, and the customer requirement is to build a VPN tunnel between
HQ and branch. The steps below show how to build the VPN tunnel using Sangfor VPN:

a) Configure the VPN internal and external interfaces on both the HQ and branch NGFW, and
ensure the external interface of the HQ NGFW is able to connect to the external interface of
the branch NGFW.

b) Configure the webagent under basic configuration. If the webagent is an IP address and port
number, configure it on the HQ NGFW only; if the URL method is used for the
webagent, both the HQ NGFW and the branch NGFW need to be configured with the
webagent.

c) Add a VPN user and select [branch user] as the user type.



d) Add a VPN connection on the branch NGFW that connects to the HQ NGFW webagent IP address
and port 4009, configure it with the proper username/password, and enable the connection.

1.2. Sangfor VPN between NGFW and Pdlan device

The network environment consists of one Sangfor NGFW and a user PC. The user wants to
connect the PC to the HQ NGFW and access internal resources through a VPN
tunnel. The configuration steps show how to build a VPN tunnel between the client PC (via
PDLAN software) and the HQ NGFW using Sangfor VPN:

a) Configure the VPN internal and external interfaces on the HQ NGFW, and ensure the pdlan device
is able to connect to the external interface of the HQ NGFW.

b) Create and add a VPN user, select mobile as the user type, and configure the virtual IP pool on
the NGFW.

c) Configure the webagent on the HQ NGFW and the parameters in the pdlan application, then
enable the VPN connection.

1.3. IPSec VPN basic configuration

This scenario shows the configuration steps for using Sangfor NGFW to build an IPSec
VPN tunnel with another device.

a) Phase 1: Enter the remote device IP address and pre-shared key, and select the connection
mode.

b) Phase 2: Configure the outbound policy (current device local subnet), the inbound
policy (remote device local subnet), and the same SA period on both devices.
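A pre-change check for the Phase 1 and Phase 2 settings above, as an added example that is not part of the original guide and not a Sangfor tool or export format. The dictionary field names and all sample values are hypothetical; they stand for the values you would copy out of each device's configuration page.

```python
import hmac
import ipaddress

def _nets(subnets):
    # Normalise so "10.2.0.0/24" and "10.2.0.0/255.255.255.0" compare equal.
    # ip_network() raises ValueError if host bits are set (a typo'd subnet).
    return {ipaddress.ip_network(s) for s in subnets}

def check_ipsec_pair(a, b):
    """Return a list of mismatches between two peers (empty list = consistent)."""
    problems = []
    # Phase 1: each side's remote IP must be the other side's external address.
    for x, y in ((a, b), (b, a)):
        if ipaddress.ip_address(x["remote_ip"]) != ipaddress.ip_address(y["external_ip"]):
            problems.append(f"{x['name']} remote IP is not {y['name']}'s external IP")
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared key differs")
    if a["mode"] != b["mode"]:
        problems.append("connection mode differs")
    # Phase 2: one side's outbound policy (its local subnet) must equal
    # the other side's inbound policy (the remote device's local subnet).
    for x, y in ((a, b), (b, a)):
        if _nets(x["outbound"]) != _nets(y["inbound"]):
            problems.append(f"{x['name']} outbound does not match {y['name']} inbound")
    if a["sa_period_s"] != b["sa_period_s"]:
        problems.append("SA period differs")
    return problems

# Constructed sample values (documentation address ranges, placeholder key).
HQ = {"name": "HQ", "external_ip": "203.0.113.10", "remote_ip": "198.51.100.20",
      "psk": "EXAMPLE-PSK", "mode": "main", "sa_period_s": 28800,
      "outbound": ["10.1.0.0/16"], "inbound": ["10.2.0.0/255.255.255.0"]}
BRANCH = {"name": "Branch", "external_ip": "198.51.100.20", "remote_ip": "203.0.113.10",
          "psk": "EXAMPLE-PSK", "mode": "main", "sa_period_s": 28800,
          "outbound": ["10.2.0.0/24"], "inbound": ["10.1.0.0/16"]}
# Same branch with a narrowed inbound subnet and a different SA period.
BRANCH_BAD = dict(BRANCH, inbound=["10.1.0.0/24"], sa_period_s=3600)

if __name__ == "__main__":
    for peer in (BRANCH, BRANCH_BAD):
        print(check_ipsec_pair(HQ, peer) or "consistent")
```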

FAQ

1. What is the difference between Main mode and Aggressive mode in IPSec VPN?
