firegore

Untitled

Feb 12th, 2025
  1. config user peer
      # Certificate peer definition; the phase1 "DeviceTunnel" refers to it with `set peer "MachineAuth"`.
      # Only the issuing CA is constrained here, so any certificate that validates against
      # CA_Cert_4 matches this peer.
      # NOTE(review): if that SubCA also issues non-device certificates, consider narrowing the
      # match with `set subject` / `set cn`. Revocation checking (CRL/OCSP) is not visible in this
      # listing -- confirm it is configured for CA_Cert_4.
  2. edit "MachineAuth"
  3. set ca "CA_Cert_4" #SubCA from Clients and IKE Peer/Signature Cert
  4. next
  5. end
  6. config user peergrp
      # Peer group whose only member is the certificate peer "MachineAuth".
      # Nothing else in this listing references "MachineAuthGrp"; the phase1 entry names the
      # peer directly. NOTE(review): remove the group if it is unused, so the configuration
      # shows which object really gates authentication.
  7. edit "MachineAuthGrp"
  8. set member "MachineAuth"
  9. next
  10. end
  11. # Currently not used
      # User group with the certificate peer "MachineAuth" as its member.
      # The firewall policy in this listing has no `set groups` line, so this group does not
      # restrict traffic; access rests on the IKE certificate check and the policy alone.
  12. config user group
  13. edit "AlwaysOn MachineAuth"
  14. set member "MachineAuth"
  15. next
  16. end
  17. config vpn ipsec phase1-interface
      # IKEv2 dial-up gateway for the device tunnel. Clients authenticate with a certificate
      # signature; the gateway presents "AlwaysOn-VPN_DeviceTunnel_2022".
  18. edit "DeviceTunnel"
  19. set type dynamic
  20. set interface "AlwaysOn-VPN"
  21. set ike-version 2
      # NOTE(review): 1.1.1.1 looks like a redacted placeholder for the real public address -- confirm.
  22. set local-gw 1.1.1.1
  23. set authmethod signature
  24. set net-device disable
      # mode-cfg assigns each client an address from the ipv4-start-ip..ipv4-end-ip range below
      # and pushes the DNS server.
  25. set mode-cfg enable
  26. set ipv4-dns-server1 172.17.12.1
  27. set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
  28. set dpd on-idle
      # DH group 2 is 1024-bit MODP, below currently recommended strength. It is presumably
      # offered for client compatibility; drop it once all clients negotiate group 14 or 19.
  29. set dhgrp 19 14 2
  30. set certificate "AlwaysOn-VPN_DeviceTunnel_2022"
      # NOTE(review): `set peer` normally goes with `set peertype peer`, which this listing does
      # not show. Verify on the device that the peer restriction is in effect; otherwise
      # certificates from other trusted CAs may be accepted.
  31. set peer "MachineAuth"
  32. set ipv4-start-ip 10.251.0.0
  33. set ipv4-end-ip 10.251.250.250
  34. set dpd-retryinterval 60
  35. next
  36. end
  37. config vpn ipsec phase2-interface
      # Phase 2 (ESP) selector bound to the phase1 "DeviceTunnel".
  38. edit "AlwaysOn-Device"
  39. set phase1name "DeviceTunnel"
      # This list still offers the SHA-1 suites (aes128-sha1, aes256-sha1), although the phase1
      # proposal offers none. NOTE(review): presumably legacy compatibility; remove them if every
      # client supports the SHA-256 or AEAD suites.
  40. set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
      # As in phase1, DH group 2 (1024-bit MODP) is weak; prefer 19/14 only where clients allow.
  41. set dhgrp 19 14 2
  42. set keepalive enable
  43. next
  44. end
  45. config firewall policy
      # Allows traffic arriving on the device tunnel into the "Internal" interface.
      # As written, this accepts any source, any destination and every service, and no
      # security profiles or `set groups` restriction are visible. A valid machine certificate
      # alone therefore grants full network access to Internal.
      # NOTE(review): for a device tunnel, consider limiting srcaddr to the mode-cfg pool
      # (10.251.0.0-10.251.250.250) and dstaddr/service to the hosts and ports the machines
      # need before user logon (for example directory, DNS and management services).
  46. edit 6
  47. set uuid 11ca083a-2f66-51eb-921a-75456ca4c5cc
  48. set srcintf "DeviceTunnel"
  49. set dstintf "Internal"
  50. set action accept
  51. set srcaddr "all"
  52. set dstaddr "all"
  53. set schedule "always"
  54. set service "ALL"
      # Logs every session, which gives an audit trail for tunnel traffic.
  55. set logtraffic all
  56. next
  57. end