About global VPN settings
Note: To configure VPNs, you need a Unified Threat Management license.
Default local certificate
You must set the default local certificate on each Smoothwall host. The default local certificate should be the certificate that identifies its host.
Multiple local certificates
You can install multiple local certificates to identify the same host, for example, to allow autonomous management of road warrior tunnels or site-to-site tunnels from multiple sites. You can use multiple local certificates to decentralize VPN management in larger networks. For example, you could use a VPN to create a WAN (Wide Area Network) among three head offices of a multinational company. Each head office must be responsible for the VPN links that connect its regional branches to it; otherwise, the entire organization would rely on a single set of administrators in one country and time zone to prepare its certificates.
Therefore, each head office VPN gateway could utilize two local IDs (certificates). The country head office ID would be used by a head office to identify itself to head offices from other countries, to form VPN tunnels that make up the international WAN. The head office ID would be used by a head office to identify itself to other domestic offices, so that it can manage VPN tunnel connectivity within its own region.
Users of mobile devices need to connect to their local networks. This requires a branch office VPN gateway to use two local IDs (certificates). The regional branch office ID would be used by a branch office to identify itself to the head office and other branch offices that make up the country-wide WAN. The branch office ID would be used by a branch office to identify itself to its local road warriors, so that it can manage road warrior connectivity to its own branch.
You can delegate VPN management from an unconfigured master Smoothwall to an unconfigured secondary Smoothwall. The secondary Smoothwall is responsible for managing site-to-site and road warrior connections within its own geography.