VPN Community

This section explains how to define and manage a VPN Community in Quantum Spark Management, using a Quantum Spark Gateway as the center (hub) and Quantum Spark Gateways as satellites(spokes).

Capabilities

  • Simplified onboarding and configuration

  • Centralized VPN Community management

  • Redundant center Gateway support

  • ISP Redundancy on satellite Gateways

  • Link selection on the central hub

  • Spark cluster support for the central hub

  • Scalability of up to 100 satellite Gateways

  • Comprehensive VPN monitoring, visibility, and alerts

Prerequisites and Limitations

  • All Gateways must run R81.10.10 or higher.

  • Quantum Spark 1600 / 1800 / 2000Appliances are supported as the center Gateway and must be configured as a cluster.

  • The center Gateway must be configured with a static IP address.

  • VPN Settings and Local Network Settings do not support Shared Plans.

Configuration

The center Gateway must be configured as a cluster and connected to Quantum Spark Management.

Important - Run the Cluster Wizard on the Appliances only after both members are connected to Quantum Spark Management.

  1. Create two Gateway Objects in Quantum Spark Management to represent the Cluster Members.

  2. Connect each Gateway to Cloud Management.

  3. Log in to the local WebUI of each Appliance and complete the Cluster Wizard.

  4. Create a cluster object in Quantum Spark Management:

    1. Navigate to Gateways > New.

    2. Select Small Office HA as the type.

    3. Add the previously created Cluster Members.

    4. Complete the wizard.

The center Gateway requires a static IP address to function correctly as the hub of a Star VPN Community.

  1. Open the center Gateway Object.

  2. Navigate to VPN > Community.

  3. Change the connection type to Gateway IP address (Static).

  4. Configure the primary static IP address.

  5. Optional: Define additional static IP addresses and select the desired balancing mode.

This step is optional but strongly recommended to simplify Gateway onboarding and ensure compliance with Star VPN requirements.

Local Network Assignment ensured that each Gateway is assigned a unique local network, which is mandatory for Star VPN communities.

  1. Create a new Plan:

    1. Click Plans.

    2. Click New and follow the wizard.

    3. Make sure Site-to-Site VPN is enabled.

  2. Define Local Network Assignment

    1. Open the Plan object.

    2. Navigate to Device Settings > Local Network.

    3. Click Add and configure:

      • The interface used for VPN traffic

      • One or more network pools for assignment

    4. Repeat the instructions for additional interfaces.

    Notes:

    • Local Network Assignment changes IP addressing and may require time for hosts to update via DHCP or other mechanisms.

    • Apply these changes during a maintenance window.

    • Automatic assignment applies only to newly created Gateways associated with the Plan.

    • To assign networks to existing Gateways , use the Manage option in the Plan or configure networks directly on the Gateway object.

  1. Click Communities from the left navigation tree.

  2. Click New and follow the wizard:

    • Define the VPN Community name.

    • Select the center Gateway and configure satellite routing options.

    • Associate the applicable Plan.

    Note - Default VPN settings are optimized for VPN Star communities, including:

    • Remote site initiation

    • Permanent tunnels

Adding a New Gateway:

  1. Create a new Gateway object.

  2. Assign the Gateway to the applicable Plan configured with Local Network Assignment.

  3. Activate the Gateway using the activation key through the local WebUI.

Adding an Existing Gateway

  1. Locate the Gateway object in Quantum Spark Management.

  2. Change the associated Plan to the Plan used for Local Network Assignment.

  3. If Local Network Management is not applied automatically, assign the Local Network using one of these methods:

    • Gateway-Level Assignment:

      1. Navigate to Device Settings > Local Network on the Gateway object.

      2. Add the interface and select automatic or manual assignment.

    • Plan-Level Assignment:

      1. Navigate to Device Settings > Local Network on the Plan object.

      2. Use the Manage option to assign a network to the specific Gateway.

VPN Monitoring and Visibility

Starting in R81.10.10, Quantum Spark Management includes enhanced VPN monitoring capabilities.

The status strip displays the number of Gateways reporting VPN status. Each status supports drilldown to the affected Gateways.

  • Up: All tunnels are operational.

  • Warning: One or more tunnels experienced issues in the past hour or are not yet initialized.

  • Down: One or more tunnels are currently down.

Each Gateway displays a VPN status icon:

  • Grey: VPN status not reported

  • Red: One or more tunnels are down.

  • Yellow: Tunnel issues detected

Hover over the icon for additional details.

Click the icon to open the Gateway-specific VPN monitoring view (see below).

This view provides detailed VPN information for a specific Gateway, including:

  • Current tunnel status

  • Tunnel status over time (the worst status within a time window is displayed)

  • VPN-related events, ordered chronologically

  • Total tunnel uptime for the selected time frame

You can switch between Gateways or navigate to the aggregated VPN monitoring view(see below).

The aggregated view provides an account-wide VPN overview.

Navigate to Logs & Events > VPN Monitoring.

Available data includes:

  • Current VPN status summary across all Gateways

  • Gateways with unstable tunnels, sorted by downtime duration

  • Top VPN-related events

  • Gateway status trends over time

  • Event counts aggregated by severity