IPsec connections
Internet Protocol Security (IPsec) is a suite of protocols that support cryptographically secure communication at the IP layer. With IPsec connections, you can provide secure access between two hosts, two sites, or remote users and a LAN. The firewall supports IPsec as defined in RFC 4301. Use these settings to create and manage IPsec connections and to configure failover.
- To add a connection, click Add.
- To add a connection using the connection wizard, click Wizard.
- To activate a connection, click the Active status indicator.
- To connect, click the connection status indicator.
- To download a connection, click the download icon.
Active | Connection | Description |
---|---|---|
![]() | ![]() | Connection is active but not connected. |
![]() | ![]() | Connection is active and connected. |
![]() | ![]() | Connection is active but only partially connected. When multiple subnets are configured for the LAN or remote network, the device creates a sub-connection for each subnet. This status indicates that one of the sub-connections is not active. |
![]() | ![]() | Connection is inactive. |
Failover groups
A failover group is a sequence of IPsec connections. If the primary connection fails, the secondary (or subsequent) active connection in the group automatically takes over and keeps traffic moving.
During a connection failure, the firewall checks the health of a primary connection every 60 seconds. When the primary connection is restored, the secondary connection falls back to its original position in the group.
- To activate a group and establish the primary connection, click the Active status indicator.
Turning off a failover group disables the active tunnel used in that group.
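
The following is an added example, not code from the firewall or its vendor: a simplified Python model of the failover and fallback timing described above. The connection names, the outage window, immediate detection of a failed tunnel, and starting the 60-second health-check timer at the moment of failover are assumptions made for illustration.

```python
from dataclasses import dataclass

PROBE_INTERVAL = 60  # seconds between primary health checks (value from the page)

@dataclass
class Conn:
    name: str
    active: bool = True  # models the connection's Active status indicator

def is_up(conn, outages, t):
    """Usable if the connection is active and not inside a constructed outage window."""
    return conn.active and not any(s <= t < e for s, e in outages.get(conn.name, []))

def simulate(group, outages, duration):
    """Step one second at a time; return [(time, carrying_connection), ...] at each change."""
    primary = group[0].name
    carrier, next_probe, timeline = None, None, []
    for t in range(duration + 1):
        up = [c.name for c in group if is_up(c, outages, t)]
        new = carrier
        if carrier not in up:
            # Assumption: loss of the carrying tunnel is noticed immediately,
            # and the next active connection in group order takes over.
            new = up[0] if up else None
            if next_probe is None:
                next_probe = t + PROBE_INTERVAL
        elif carrier != primary and t >= next_probe:
            # Periodic health check of the primary while a backup carries traffic.
            next_probe = t + PROBE_INTERVAL
            if primary in up:
                new = primary
        if new == primary:
            next_probe = None
        if new != carrier:
            timeline.append((t, new))
            carrier = new
    return timeline

# Constructed sample: names and the outage window are illustrative only.
GROUP = [Conn("hq-primary"), Conn("hq-backup-a", active=False), Conn("hq-backup-b")]
OUTAGES = {"hq-primary": [(10, 95)]}

if __name__ == "__main__":
    for t, name in simulate(GROUP, OUTAGES, 200):
        print(f"t={t:>3}s traffic on {name}")
```

In this model the primary is healthy again at t=95, but traffic returns to it only at the next health check (t=130), and the inactive connection in the group is skipped when a backup is selected.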