Defining the contact IP address of firewalls for VPN topologies

Peers can contact a firewall in a VPN topology via a fixed IP address. There are two options in this case:

  • the firewall is contacted by default on the IP address that was detected the last time the firewall logged on to the SMC server.
  • however, you can define a customized contact address.

It is also possible to indicate that a firewall has a dynamic IP address and therefore cannot be contacted by its peers – it will always initiate the negotiation of the VPN tunnel. Such tunnels therefore cannot be set up between two peers with dynamic IP addresses.

For any given firewall, you can choose the address at which it will be contacted in most VPN topologies. You can define this default contact address in the firewall's parameters. If you need to define a different address in certain topologies, you can replace the default address directly in these topologies.