Adding IPsec aggregate members in the GUI
You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate. You can create a new IPsec aggregate within the IPsec tunnels dropdown list. You can also monitor the traffic for each aggregate member.
To configure an IPsec tunnel with aggregate members in the GUI:
- Create the IPsec aggregate tunnel candidate:
- Go to VPN > IPsec Wizard.
- Enter the tunnel name.
- Set Template Type to Custom, then click Next.
- In the Network section, expand the Advanced field and enable Aggregate member.
- Configure the other settings as needed.
- Click OK.
- Repeat step 1 to create more tunnel candidates as needed.
- Create the IPsec aggregate:
- Go to VPN > IPsec Tunnels and click Create New > IPsec Aggregate.
- Enter an aggregate name.
- Select a load balancing algorithm. The options include: Weighted Round Robin (default), L3, L4, and Redundant. Round-robin is available in the CLI.
- Add the tunnels that you created in steps 1 and 2. If required, enter weights for each tunnel.
- Click OK.
- Configure the firewall policy:
- Go to Policy & Objects > Firewall Policy.
- Create a new policy or edit an existing policy.
- Set Incoming Interface to the aggregate tunnel created in step 3.
- Configure the other settings as needed.
- Click OK.
- Configure the static route:
- Go to Network > Static Routes.
- Click Create New > IPv4 Static Route.
- Set Interface to the IPsec aggregate tunnel.
- Configure the other settings as needed.
- Click OK.
- Monitor the traffic:
- Go to Monitor > IPsec Monitor.
- Expand the IPsec aggregate tunnel (agg-tunnel) to view statistics for each aggregate member.