Filter
Top Products
Chapter 6 Device Security Settings
Vantage CNM User’s Guide
145
Figure 65 Device Operation > Device Configuration > Security > VPN > Global Setting
The following table describes the labels in this screen.
Table 55 Device Operation > Device Configuration > Security > VPN > Global Setting
LABEL DESCRIPTION
Output Idle Timer When traffic is sent to a remote IPSec router from which no reply is received
after the specified time period, the device checks the VPN connectivity. If the
remote IPSec router does not reply, the device automatically disconnects the
VPN tunnel.
Enter the time period (between 30 and 3600 seconds) to wait before the
device checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.
Input Idle Timer When no traffic is received from a remote IPSec router after the specified
time period, the device checks the VPN connectivity. If the remote IPSec
router does not reply, the device automatically disconnects the VPN tunnel.
Enter the time period (between 30 and 3600 seconds) to wait before the
device checks all of the VPN connections to remote IPSec routers.
Enter 0 to disable this feature.
Gateway Domain
Name Update Timer
This field is applicable when you enter a domain name to identify the device
and/or the remote secure gateway.
Enter the time period (between 2 and 60 minutes) to wait before the device
updates the domain name and IP address mapping through a DNS server.
The device rebuilds the VPN tunnel if it finds that the domain name is now
using a different IP address (any users of the VPN tunnel will be temporarily
disconnected).
Enter 0 to disable this feature.
VPN rules skip
applying to the overlap
range of local and
remote IP addresses
When you configure a VPN rule, the device checks to make sure that the IP
addresses in the local and remote networks do not overlap. Select Turn Off
box to disable the check if you need to configure a VPN policy with
overlapping local and remote IP addresses.
Note: If a VPN policy’s local and remote IP addresses overlap,
you may not be able to access the device on your LAN
because the device automatically triggers a VPN tunnel
to the remote device with the same IP address.