Jump to content


Photo

Create VPN Tunnels with GTI editor with DHCP Interface

f18 ngfw control center f600

Best Answer Stefan Hora, 15 February 2017 - 12:38 PM

There is another preferred way: in the VPN Service config tree there is a GTI Settings part where you can specify the defaults per box. Just set the F18 transport sources to dynamic and at the central box e.g. second IP (if the second server IP is where your VPN Server listens).
Then mark the central box as a hub in GTI Settings.
From now on each time you add a vpn Service to the GTI there is automatically a tunnel created to the hub.

If you need that the branches can communicate with each other via the hub then specify e.g. 10.0.0.0/8 under GTI Networks at the server settings and the real lan networks for the server settings at the branches.

Go to the full post


  • Please log in to reply
4 replies to this topic

#1 Sascha Henke

Sascha Henke
  • Members
  • 4 posts
  • LocationDuesseldorf, Germany

Posted 15 February 2017 - 08:50 AM

Hi all,

 

since last week we're "proud" owners of a CC and want to set up 20+ VPN tunnels between the F600 cluster in our HQ and F18, deployed in the field, connected to 4G modems.

When I create the TINA tunnel manually, I can set the remote host with the dynamic address to 0.0.0.0/0 on the F600, but I haven't found this possibility in the GTI editor.

I had a look in the Campus and in the BTN300 documents, but couldn't find a solution.

 

Can anyone give me a hint?

 

Best regards

 

Sascha



#2 Pieter Rubens

Pieter Rubens
  • Members
  • 17 posts

Posted 15 February 2017 - 08:58 AM

Dear Sascha

 

In the gti editor, if you click on a tunnel you can see 'transport listening ip'. Set it to Explicit a then you can enter an ip for 'Explicit listening'  



#3 Stefan Hora

Stefan Hora
  • Barracuda Guru
  • 148 posts

Posted 15 February 2017 - 12:38 PM   Best Answer

There is another preferred way: in the VPN Service config tree there is a GTI Settings part where you can specify the defaults per box. Just set the F18 transport sources to dynamic and at the central box e.g. second IP (if the second server IP is where your VPN Server listens).
Then mark the central box as a hub in GTI Settings.
From now on each time you add a vpn Service to the GTI there is automatically a tunnel created to the hub.

If you need that the branches can communicate with each other via the hub then specify e.g. 10.0.0.0/8 under GTI Networks at the server settings and the real lan networks for the server settings at the branches.



#4 Sascha Henke

Sascha Henke
  • Members
  • 4 posts
  • LocationDuesseldorf, Germany

Posted 16 February 2017 - 07:31 AM

Thank you very much. This seems to help!



#5 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 208 posts

Posted 16 February 2017 - 08:58 AM

If you are just setting up your Control Center this implementation guide might contain useful information for you*:

 

https://campus.barra...StaticRouting/

* also contains the information about GTI editor with dynamic WAN addresses