Adding or editing edge device information
Use the Device Management > Add Edge Device or Edit Edge Device options to add a device, or change the configuration settings for an existing device.
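When you add a device, you are asked to specify the tunneling type. You can create devices that connect via IPsec Advanced, IPsec (if available), or GRE tunneling. See:
* To add a new edge device for IPsec Advanced tunneling
* To add a new edge device for IPsec tunneling
* To add a new edge device for GRE tunneling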
To add a new edge device for IPsec Advanced tunneling
1. Click Add, and select Add Edge Device.
2.
3. Under General, enter or update your device Name.
4. Select the Device Type from the drop-down list.
5. Provide a device Description (up to 512 alphanumeric characters).
6. Under Device Authentication:
a. Select the IKE Version. The IKEv2 protocol is selected by default.
b. Select an IKE identity. The valid options are based on the IKE Version selected.
If IKEv1 was selected as the IKE Version, the only option is Public IP address.
c.
d. Select a Pre-shared key option. Define whether to use your own key (keys must be a minimum of 8 characters long) or generate a new key from the cloud service.
e. If you select Use your own key, enter the key string. If you select Auto generated new key, the new key is displayed.
Click the encryption settings link to view supported IKE and IPsec settings for the device.
7. Under Data Centers, select the two most appropriate data centers for your location. Use the arrows to move data centers from one list to the other.
Important: If you change Data Centers, make sure your device configuration is correct.
8. Under Policy Assignment, select the Default policy to apply to traffic managed by this device.
9.
a.
b.
c.
d.
e. Click Add.
Repeat these steps for each internal network managed by the device to which you want to assign a specific policy.
Note that networks (IP address ranges and subnets) may not overlap, and you can assign only one policy to each network.
10.
To add a new edge device for IPsec tunneling
Note that the option to add an IPsec edge device is available only to customers who had similar devices configured prior to the introduction of IPsec Advanced.
1. Click Add, and select Add Edge Device.
2.
3. Under General, enter or update your device Name.
4. Select the Device Type from the drop-down list.
5. Provide a device Description (up to 512 alphanumeric characters).
6.
7.
* Pre-shared key (PSK) allows you to use an existing key or generate a new one. If you select this option:
  * Enter the Egress IP address of your device.
  * If you select Use your own key, enter the key string.
    If you select Auto-generated key, the new key is displayed on the page.
  * Copy the pre-shared key and the Device ID from this page, and configure them on your edge device in order for it to connect and authenticate with the cloud service.
* Digital certificate requires a certificate that you can either generate in the portal or create yourself. If you select this option, select a Certificate authority from the list.
  If you have not defined any certificate authorities in the cloud portal, you can upload a certificate authority file from this page, or skip this step for now and see Managing certificates for your IPsec devices.
  After selecting a certificate authority, you have the option to Generate a device certificate for the device that you are adding. If you select this option, you will be prompted for the private key and passphrase for the selected CA.
8. Under Policy Assignment, select the Default policy to apply to traffic managed by this device.
Note: If you change the default policy for a device, ensure you clear the security association for the tunnel on your edge device. For guidance on clearing the security association for your device, see the configuration examples for supported devices, available from the Forcepoint IPsec Guide.
9.
a.
b.
c.
d.
e. Click Add.
Repeat these steps for each internal network managed by the device to which you want to assign a specific policy.
Note that networks (IP address ranges and subnets) may not overlap, and you can assign only one policy to each network.
10.
To add a new edge device for GRE tunneling
1. Click Add, and select Add Edge Device.
2.
3. Under General, enter or update your device Name.
4. Select the Device Type from the drop-down list.
5. Provide a device Description (up to 512 alphanumeric characters).
6. Add the Public IP address for the device. This is the external egress IP for the device.
7. Under Data Centers, select the two most appropriate data centers for your location. Use the arrows to move data centers from one list to the other.
Important: If you change Data Centers, make sure your device configuration is correct.
For each connection, the destination (data center) inner tunnel address and source (edge device) inner tunnel IP address are provided. You will need these addresses to configure the tunnel on your device.
8. Under Policy Assignment, select the Default policy to apply to traffic managed by this device.
9.
a.
b.
c.
d.
e. Click Add.
Repeat these steps for each internal network managed by the device to which you want to assign a specific policy.
Note that networks (IP address ranges and subnets) may not overlap, and you can assign only one policy to each network.
10.
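Each procedure above states that networks (IP address ranges and subnets) may not overlap and that only one policy can be assigned to each network. The following added example (not Forcepoint code) checks a planned network-to-policy list against that rule before it is entered in the portal. The `first-last` range syntax, the policy names and the sample plan are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

def parse_network(spec):
    """Return the CIDR blocks covered by 'a.b.c.d/n' or 'first-last' (assumed syntax)."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # Raises ValueError if first > last, TypeError on mixed IPv4/IPv6.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects entries with host bits set, e.g. 10.10.20.5/24.
    return [ipaddress.ip_network(spec, strict=True)]

def find_conflicts(assignments):
    """assignments: [(network_spec, policy_name)]. Returns one message per overlap."""
    parsed = [(spec, policy, parse_network(spec)) for spec, policy in assignments]
    problems = []
    for (s1, p1, n1), (s2, p2, n2) in combinations(parsed, 2):
        # Two entries conflict if any block of one intersects any block of the other;
        # this also catches the same network listed twice with different policies.
        if any(a.overlaps(b) for a in n1 for b in n2):
            problems.append(f"{s1} [{p1}] overlaps {s2} [{p2}]")
    return problems

# Constructed sample plan; policy names are hypothetical.
PLAN = [
    ("10.10.0.0/16", "HQ-default"),
    ("10.10.20.0/24", "Guest-WiFi"),        # inside the /16
    ("192.168.1.10-192.168.1.50", "Lab"),
    ("192.168.1.32/27", "Printers"),        # .32-.63 intersects the Lab range
    ("172.16.5.0/24", "Branch"),
]

if __name__ == "__main__":
    for line in find_conflicts(PLAN) or ["no overlapping networks"]:
        print(line)
```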

Copyright 2020 Forcepoint. All rights reserved.