Uploading Tunnel Configuration Files
  • 30 Jan 2024
  • 1 Minute to read
  • Contributors

    Uploading Tunnel Configuration Files


      Article summary

      Harmony SASE Managers and Admins can import a Site-2-Site VPN connection configuration file. This will automatically populate the Harmony SASE tunnel configuration fields with the corresponding information from the remote site.

      This will reduce admin work by eliminating the need to populate fields manually and reduce the possibility of tunnel misconfigurations during the initial tunnel creation process. Admins can manually change the imported values after the uploading process.

      To upload a configuration file from the Tunnel Creation or Edit dialogue, locate the 'AWS/Azure VPN Connection Configuration File' section under General Settings, then click the 'Upload File' button to the right of the window:


      Supported Vendors and Tunnel Types

      Downloading the configuration file

      Amazon Web Services (AWS)

      After setting up your Site-to-Site tunnel, navigate to your VPC -> Virtual Private Network (VPN) -> Site-to-Site VPN Connections, and click Download to get the configuration file,

      • When exporting configuration files from AWS for a single tunnel, please choose the Strongswan format:
      • When exporting configuration files from AWS for a redundant tunnel, please choose the Generic format:

      Microsoft Azure

      After setting up your Site-to-Site tunnel, navigate to your Virtual network gateway, then Click Connections. Choose your connection with Harmony SASE and click Download configuration to get the configuration file:

      • When exporting configuration files from Azure for a single tunnel, please choose the Generic Samples format:

      Value extracted

      The Tunnel Values that are extracted from the configuration file include the following parameters:
      • General Settings
        • Shared Secret (Pre-Shared Key)
        • Harmony SASE Gateway internal IP
        • Remote Public IP
        • Remote ID
        • Remote Gateway internal IP
        • Remote Gateway ASN (for redundant tunnels)
      • Advanced Settings:
        • IKE Version
        • IKE Lifetime
        • Tunnel Lifetime
        • Dead Peer Detection Delay 
        • Dead Peer DetectionTimeout
        • Cipher Suites (Azure Only)

      Was this article helpful?