Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add a server connection

Create the server for the site-to-site VPN tunnel.

Configure SSL VPN server

  1. Go to Site-to-site VPN > SSL VPN.
  2. In the Server section, click Add.
  3. Enter a name.
  4. Optional: You can manually assign a static IP address to the SSL VPN client.

    1. Select Use static virtual IP address.
    2. Under Static peer IP, enter an IP address.

      Make sure it doesn't belong to the static or dynamic address range in Remote access VPN > SSL VPN > SSL VPN global settings.

    Tip

    By default, the firewall automatically assigns an IP address from the lease range on SSL VPN global settings. You can manually assign a static IP address that doesn't conflict with the addresses used in remote access SSL VPN or other private IP addresses.

  5. Under Local networks, select the networks and interfaces to which remote networks are allowed to connect through the tunnel.

  6. Under Remote networks, select the networks and interfaces to access at the remote end.
  7. Click Save.

Download server configuration

  1. Go to Site-to-site VPN > SSL VPN.
  2. To download the server configuration file, click the download button Download button. for the server.

    Note

    If you change the port, protocol, certificate, or override hostname settings in the server firewall on Remote access VPN > SSL VPN > SSL VPN global settings, download the server configuration file again and upload it to the client firewall.

  3. Optional: Select Encrypt configuration file, enter a password, and confirm the password.

  4. Click Download.
  5. Configure the client on the peer firewall. See Add a client connection.