Add a server connection
Create the server for the site-to-site VPN tunnel.
Configure SSL VPN server
- Go to Site-to-site VPN > SSL VPN.
- In the Server section, click Add.
- Enter a name.
-
Optional: You can manually assign a static IP address to the SSL VPN client.
- Select Use static virtual IP address.
-
Under Static peer IP, enter an IP address.
Make sure it doesn't belong to the static or dynamic address range in Remote access VPN > SSL VPN > SSL VPN global settings.
Tip
By default, the firewall automatically assigns an IP address from the lease range on SSL VPN global settings. You can manually assign a static IP address that doesn't conflict with the addresses used in remote access SSL VPN or other private IP addresses.
-
Under Local networks, select the networks and interfaces to which remote networks are allowed to connect through the tunnel.
- Under Remote networks, select the networks and interfaces to access at the remote end.
- Click Save.
Download server configuration
- Go to Site-to-site VPN > SSL VPN.
-
To download the server configuration file, click the download button for the server.
Note
If you change the port, protocol, certificate, or override hostname settings in the server firewall on Remote access VPN > SSL VPN > SSL VPN global settings, download the server configuration file again and upload it to the client firewall.
-
Optional: Select Encrypt configuration file, enter a password, and confirm the password.
- Click Download.
- Configure the client on the peer firewall. See Add a client connection.