SANGFOR - NGAF - v8.0.8 - Build IPSec VPN With WatchGuard Configuration Guide

This document provides instructions for configuring an IPSec VPN tunnel between a WatchGuard firewall and an NGAF appliance. It describes the application scenarios, and provides screenshots to guide the configuration of phase 1 and phase 2 on both the WatchGuard and NGAF sides, including setting the gateway, phase 1 settings, tunnels, phase 2 settings and security options.

Uploaded by

Ahmad Firdaus

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

148 views

SANGFOR - NGAF - v8.0.8 - Build IPSec VPN With WatchGuard Configuration Guide

Uploaded by

Ahmad Firdaus

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

NGAF Configuration Guide Version 8.0.

NGAF
Build IPSec VPN With WatchGuard
Configuration Guide
Version 8.0.8
Contents
1 Function introduction ............................................................................................................... 1
2 Application scenarios................................................................................................................ 1
3 Configuration and screenshot .................................................................................................. 1
3.1 Configuration WatchGuard side ........................................................................................ 1
3.2 Configure NGAF side.............................................................................................................. 5
NGAF Configuration Guide Version 8.0.8

1 Function introduction
The full name of VPN is Virtual Private Network. VPN is defined as establishing a temporary and
secure connection over a public network (normally through Internet), a secure and stable tunnel
through a chaotic public network. By using this tunnel, you can encrypt data several times to achieve
the purpose of using Internet safely. A virtual private network is an extension of an intranet. Virtual
private networks help to remote users, corporate branches, business partners, and suppliers establish
trusted and secure connections to the company's intranet for secure extranet virtual private networks
that connect to business partners and users. VPN mainly uses tunnel technology, encryption
technology, decryption technology, key management technology and user and device identity
authentication technology.

2 Application scenarios
NGAF build IPsec VPN with Watchguard, the network topology is as follows.

3 Configuration and screenshot

3.1 Configuration WatchGuard side
1. Configure the phase 1. Go to VPN > Branch Office VPN, on Gateways click on the Add
button then fill in the Gateway Name and Pre-Share Key. After that click on the Add button
below the Gateway Endpoint to add the phase 1 configuration.

W.: www.sangfor.com | W.: community.sangfor.com | E.: [email protected] 1

NGAF Configuration Guide Version 8.0.8

2. After clicked on the Add button, it will promt out a tab and you need to feel in the phase 1
information as below:

W.: www.sangfor.com | W.: community.sangfor.com | E.: [email protected] 2

NGAF Configuration Guide Version 8.0.8

Note: Suggest to keep default for the Advanced settings.

3. After configure the Gateway Endpoint information, you need to fill in the phase 1 information
on Phase 1 Settings as below:

Note: Version that NGAF support is only IKEv1.

W.: www.sangfor.com | W.: community.sangfor.com | E.: [email protected] 3

NGAF Configuration Guide Version 8.0.8

Note: For the SA life time used in this scenario is the default of the WatchGuard device, it can be
change accordingly.
4. After conigured phase 1, go to Tunnels and click on the Add button then fill in the phase 2
informations such as tunnel name, choose gateway that created and click on the Add button
to add the addresses as below.