Creating the Site_Spoke_A and Site_Spoke_B peers

In the Peers tab of the Configuration > VPN > IPSec VPN menu:

  1. Click on Add.
  2. Choose New remote site.
    The wizard will ask you to select the remote gateway. In this case, this gateway will be the public address of the Firewall on the Spoke A site (object Pub_FW_Spoke_A).
  3. By default, the peer name is created by adding the prefix “Site_” to this object name; this name can be customized. Press Enter.
  4. Next, select the Certificate method.
  5. Click on the magnifying glass next to the Certificate field.
  6. Select the certificate corresponding to the Hub Firewall.
    The Trusted CA field is filled in automatically from the certificate.
  7. In the same way, create the Site_Spoke_B peer using the following values:

    • Remote gateway: the Firewall of the Spoke B site (object Pub_FW_Spoke_B),
    • Certificate: the certificate of the Hub Firewall.