How do you add the route entry for the “Enforcement Point Gateway” on the Management
Server?
A.
Edit peers’ WebUI to add a static route to the “designated enforcement point”.
B.
Designate this gateway in the VPN community properties.
C.
Update file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point
gateway.
D.
Edit file $FWDIR/conf/vpn_route.conf with a new route entry.
Explanation:
VPN Directional Enforcement can take place between two VPN communities. In this case, one gateway must be configured as a member of both communities and the enforcement point between them. Every other peer gateway in both communities must have a route entry to the enforcement point gateway in its vpn_route.conf file.