Prerequisites for Configuring Site-to-Site VPN for On-Premises Management Center-managed Threat Defense

  • Make sure that the on-premises management center has been successfully added to the Security Cloud Control platform, and the threat defense devices are running version 7.2.x or later.

    Enable Discover & Manage Network Objects on Security Cloud Control to discover objects from your on-premises management center. You can then share and manage these objects and use them to set consistent object definitions across other platforms managed by Security Cloud Control. See Discover and Manage On-Prem Firewall Management Center Network Objects.

  • The virtual tunnel interface (VTI) used by the tunnel must already exist on the on-premises management center-managed threat defense devices. Security Cloud Control cannot create interfaces on these devices; it only displays pre-existing interfaces. To create new VTIs, configure them from the on-premises management center before creating a tunnel in Security Cloud Control.

  • The on-premises management center must have a preconfigured access list and policy-based routing to enable traffic routing and tunnel operation.

    Note

    This prerequisite is not applicable to site-to-site VPN between on-premises management center-managed threat defense and Extranet.