This topic is ONLY relevant to security gateways. It is NOT relevant to managed switches.
Overview
The VPN Cloud page (Fig. 1) allows you to manage the selected Mako’s connections to existing Virtual Private Network (VPN) clouds. Here you can view, join, and leave VPN clouds. You can also customize current connections to a VPN cloud for each desired network on the Mako.
To create and manage VPN clouds so they are available for the Mako to join, please see the VPN Cloud documentation in the Management section.
Current Connections
Use the Current Connections list (Fig. 2) to view, edit, and delete current connections to a VPN cloud for each desired network on the Mako.
- Cloud – VPN cloud to which the Mako is connected
- Mako Network – local networks that connect to the VPN cloud
- Direction – direction(s) traffic can flow through the connection for a given local network
- SNAT – Source Network Address Translation (SNAT) for a given local network
- [Options] – button to manage VPN cloud connection details
Edit Connections
To edit the Mako’s connections to a given VPN cloud, click the appropriate gear icon button in the rightmost column (Fig. 2). This will open the Join VPN Cloud form (Fig. 3) populated with connection details. Click the “Select Concentrators, VPN Direction, and SNAT” button to show all available fields.
Make any desired changes, then click the “Save VPN Cloud Connection” button.
For more details regarding these settings, see the Add Connection documentation below.
Revoke/Regenerate Certificate
Any VPN cloud you connect with your Mako must support certificate-based security. This allows you to revoke/regenerate the security certificate used for these connections periodically, which is recommended as a security best practice.
To do this, first click the appropriate gear icon button in the rightmost column (Fig. 2). This will open the Join VPN Cloud form (Fig. 3) populated with connection details. Then click the “Revoke/Regenerate Certificate” button to open a confirmation panel asking you to confirm the revoke/regenerate action. If you are certain you want to revoke/regenerate the certificate, click the “Confirm” button.
Delete Connections
To delete all of the Mako’s connections to a given VPN cloud, first click the appropriate gear icon button in the rightmost column (Fig. 2). This will open the Join VPN Cloud form (Fig. 3) populated with connection details. Then click the “Leave VPN Cloud” button to open a confirmation panel asking you to confirm the deletion. If you are certain you want to delete the connections, click the “Confirm” button.
Available VPN Clouds
Use the Available VPN Clouds list (Fig. 4) to view and join available VPN clouds. VPN clouds to which the Mako is already connected do not display in this list.
Columns
- Cloud Name
- Cloud Concentrators
- [Options]
Add Connections
To connect your Mako and its networks to a VPN cloud, you may either click the “Join VPN Cloud” button below the list or click the cloud icon button in the rightmost column for the VPN cloud you want to join.
Either button will open the Join VPN Cloud form (Fig. 3); however, using the cloud icon button will populate the VPN Cloud dropdown in the form with the VPN cloud you want to join.
VPN Cloud
Choose a VPN cloud to join.
If you DO NOT need to change any related settings, click the “Save VPN Cloud Connection” button to join the VPN cloud using the default settings.
If you DO need to change any related settings before joining the VPN cloud, click the “Select Concentrators, VPN Direction, and SNAT” button to show all available fields.
Concentrators
Choose the concentrators from this VPN cloud to use for your connections. You will need to select at least one concentrator to continue.
To deselect a concentrator, click its blue cloud icon button.
To select a concentrator, click its gray “X” icon button.
To deselect ALL concentrators shown, click the dark gray “X” icon button at the top of the Concentrators list.
To select ALL concentrators shown, click the dark gray cloud icon button at the top of the Concentrators list.
Mako Networks
Choose the LAN segments to connect to this VPN cloud.
To deselect a network, click its blue cloud icon button.
To select a network, click its gray “X” icon button.
To deselect ALL networks shown, click the dark gray “X” icon button at the top of the Mako Networks list.
To select ALL networks shown, click the dark gray cloud icon button at the top of the Mako Networks list.
In addition to selecting the Mako networks to connect to this VPN cloud, you are able to customize the SNAT, direction, and priority for each network connection.
SNAT
Enter a SNAT value for each selected network, as needed.
Direction
Choose a traffic direction for each selected network using its arrow icon buttons.
Click the button with two left-facing arrows (unidirectional to Mako network) to have the Mako network only receive data and the VPN cloud only send data.
Click the button with one left-facing arrow and one right-facing arrow (bidirectional) to have the Mako network and the VPN cloud both send and receive data.
Click the button with two right-facing arrows (unidirectional to VPN cloud) to have the Mako network only send data and the VPN cloud only receive data.
Priority
Choose a priority for each selected network using its “1” through “4” buttons, with “1” being the highest priority and “4” being the lowest priority. Connections set to the same priority are treated equally.
Cipher Suite
A cipher suite is a set of algorithms that help secure the network connections between the Mako and the VPN cloud.
Choose your desired cipher suite using the dropdown.
If you do not know what to choose or do not have a preference, use the default setting of “Automatic.”
Save VPN Cloud Connection Button
To join the VPN cloud using these settings, click the “Save VPN Cloud Connection” button.