SonicOS 8 IPSec VPN

Configuration on the Firewall

As part of the process to create a new VPN connection, an Address Object representing the VPC is added and can be viewed in SonicOS on the Address Objects page. Navigate to OBJECT | Match Objects > Addresses. The convention used to name the object combines the AWS IDs of the VPN connection and the VPC itself. The Address Object is a network type, with the network being that of the remote VPC.

Two VPN policies are also created, reflecting that AWS uses two VPNs per VPN connection to provide redundancy through failover. Navigate to NETWORK | IPSec VPN > Rules and Settings. The VPN policy names used on the firewall are based on the AWS ID for the connection, with a suffix to differentiate between the two policies.

Matching the two VPN policies, two tunnel interfaces are created. Navigate to NETWORK | System > Interfaces. The tunnel interfaces also use a naming convention based on the ID of the VPN Connection.

Similarly, two route policies are created, both using the Address Object representing the VPC as their destination. Navigate to NETWORK | System > Dynamic Routing. Each route policy uses a different tunnel interface.
