host.
Local Subnet: Specify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy. It's formed by IP address and subnet mask.
Remote Subnet: Specify IP address range on your remote network to identify which PCs on the remote network are covered by this policy. It's formed by IP address and subnet mask.
WAN:Specify the local WAN port for this Policy. The "Remote Gateway" of the remote peer should be set to the IP address of this WAN port.
Remote Gateway: Enter the Remote Gateway. It can be IP address or Domain name.
Policy Mode: Select the negotiation mode for the policy.
zIKE: The parameters for the VPN tunnel are generated automatically via IKE negotiations.
zManual: All settings (including the keys) for the VPN tunnel are manually input and no key negotiation is needed.
zIKE Mode
IKE Policy: It is available when IKE is selected as the negotiation mode. Specify the IKE policy. If there is no policy selection, add new policy on VPN→IKE→IKE Policy page.
IPsec Proposal: Select IPsec Proposal on IKE mode. Up to four IPsec Proposals can be selected on IKE mode.
PFS:Select the PFS (Perfect Forward Security) for IKE mode to enhance security. This setting should match the remote peer. With PFS feature, IKE negotiates to create a new key in Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in
