IPsec connections

Internet Protocol Security (IPsec) is a suite of protocols that support cryptographically secure communication at the IP layer. With IPsec connections, you can provide secure access between two hosts, two sites, or remote users and a LAN. The firewall supports IPsec as defined in RFC 4301. Use these settings to create and manage IPsec connections and to configure failover.

  • To add a connection, click Add.
  • To add a connection using the connection wizard, click Wizard.
  • To activate a connection, click the Active status indicator.
  • To connect, click the connection status indicator.
  • To download a connection, click .

Table 1. Connection status indicators
Active Connection Description
Connection is active but not connected.
Connection is active and connected.
Connection is active but only partially connected. When multiple subnets are configured for the LAN or remote network, the device creates a sub-connection for each subnet. This status indicates that one of the sub-connections is not active.
Connection is inactive.

Failover groups

A failover group is a sequence of IPsec connections. If the primary connection fails, the secondary (or subsequent) active connection in the group automatically takes over and keeps traffic moving.

During a connection failure, the firewall checks the health of a primary connection every 60 seconds. When the primary connection is restored, the secondary connection falls back to its original position in the group.

  • To activate a group and establish the primary connection, click the Active status indicator.

Turning off a failover group disables the active tunnel used in that group.
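
The failover and fallback timing described above, as an added model that is not the firewall's own code. The connection names, the `up` flag, and the choice to start the 60-second check cycle at the moment of failover are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HEALTH_CHECK_INTERVAL = 60  # seconds between primary health checks (from the page)

@dataclass
class Connection:
    name: str
    active: bool = True  # activated by the administrator
    up: bool = True      # constructed flag: can the tunnel currently establish?

@dataclass
class FailoverGroup:
    members: list        # ordered; members[0] is the primary
    current: int = 0     # index of the connection carrying traffic
    last_check: int = 0  # time of the last primary health check
    events: list = field(default_factory=list)

    def _usable(self, i):
        return self.members[i].active and self.members[i].up

    def tick(self, now):
        """Advance the model to time `now` (seconds); return the carrier's name."""
        if not self._usable(self.current):
            # Fail over to the first active, reachable connection in group order.
            for i in range(len(self.members)):
                if self._usable(i):
                    self.events.append((now, "failover", self.members[i].name))
                    self.current, self.last_check = i, now
                    break
            else:
                return None  # nothing in the group can carry traffic
        elif self.current != 0 and now - self.last_check >= HEALTH_CHECK_INTERVAL:
            # While running on a backup, probe the primary once per interval.
            self.last_check = now
            if self._usable(0):
                self.events.append((now, "fallback", self.members[0].name))
                self.current = 0
        return self.members[self.current].name

def demo():
    # Constructed scenario: primary drops at t=10 s and recovers at t=100 s.
    primary = Connection("hq-primary")
    group = FailoverGroup([primary, Connection("hq-backup-a", active=False),
                           Connection("hq-backup-b")])
    timeline = {}
    for now in range(0, 200, 5):
        if now in (10, 100):
            primary.up = (now == 100)
        timeline[now] = group.tick(now)
    return group.events, timeline
```

In this model the inactive member is skipped during failover, and the primary's recovery at t=100 s is only acted on at the next scheduled check, so traffic stays on the backup until t=130 s.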