# VPN Setup with Palo-Alto Networks Interface 1\. Login to the Monogoto portal and go to ***Network.*** 2\. Edit your **“vpneu.mono”** network (EU zone) or **"vpnus.mono"** network (US zone). ![](/files/sDYJBboiyNtAcgd2NDsD) 3\. Go to **Address Pools** and copy IP Address/Mask. ![](/files/k5f8WYZhHYJFeFtAIIB6) 4\. Go to **Routes** and copy Gateway IP. ![](/files/jKgDfRzfinCup6QEcN3k) 5\. Now we need to add a Route to the VPN in Monogoto portal -> ***Network*** -> ***Routes*** section and ***Add new*** * Destination = VPN IP address and mask * Gateway = select Monogoto gateway * Save and Close -> Apply Settings ![](/files/MYLOaiDBkpCNW6kpByUz) 6\. Lets add a VPN on Monogoto portal. Please go to ***Network*** -> ***VPN*** section and ***Add new VPN.*** * Destination IP Address = Palo Alto Networks Tunnel Outside IP Address * Destination Network = Palo Alto Networks VPC IPv4 CIDR * Pool Name = Select your pool * Save and Close -> Apply Settings ![](/files/YD0SVMDvhExw5e59Urgv) ![](/files/J2dE3Auxvgxlq10ey0lq) 7\. Now that we have created VPN on Monogoto end, download a VPN config file that will have all of the needed information for VPN configuration on Palo Alto Networks end. ![](/files/6pcQxcJ1hMaGvO1sK6gN) 8\. Go to Palo Alto Networks user interface. 9\. Switch to **Network** tab, then under **Network Profiles** go to **IKE Crypto** and press on button **Add.** Please see configuration example below ![](/files/-MMujWNNIAMX9Y0WdtNe) ![](/files/-MMuCt5GyraF5Nau9XwQ) 10\. The next step is to create IKE Gateway. In **Network** tab, under **Network Profiles** go to **IKE Gateways** and press on button **Add.** ![](/files/-MMujA5k7ZVwJH9QdNHs) 11\. Configure IKE Gateway, you may see example settings below. * Local IP Address = select your local IP address * Peer Address = is taken from **Step 4**, it is a Route Gateway from Monogoto portal * IKE Crypto Profile = select a profile we have created in **step 6** ![](/files/-MT6pf4RTJphUQ-2L7JM) ![](/files/-MMuI91UnP_wMz6n5nTH) 12\. Next what we want to do is to create a security zone. In **Network** tab go to **Zones** and press on **Add** button. You may see configuration example below. ![](/files/-MMuX-ide3eYSecOv89D) ![](/files/-MMuXvxethKnd4V8-8sd) 13\. In order for Palo Alto Network to respond to ping we need to create a management profile. In **Network** tab, under **Network Profiles** go to **Interface Mgmt** and press on button **Add.** You may see configuration example below. ![](/files/-MMubNRrGweRydAzXjbC) ![](/files/-MMucrTJrJpcRp-5c9hi) 14\. Now we need to add a Tunnel. In **Network** tab go to **Interfaces**, select a sub tab **Tunnel** and press on **Add** button. You may see configuration example below. ![](/files/-MMuZQmktQyyh-PXqOko) ![](/files/-MMu_48HLJmdHh5H5_gx) ![](/files/-MMu_6Rj8pKiHIMqQbho) 15\. Now we want to create IPSec Crypto profile. In **Network** tab go to **Network Profiles**, select **IPSec Crypto** and press on **Add** button. You may see configuration example below. ![](/files/-MMuk799CGsUr0D0_0Lk) ![](/files/-MMueJBj6sk-BhwcYRYY) 16\. Lets now add a IPSec tunnel. In **Network** tab go to **IPSec Tunnels** and press on **Add** button. You may see configuration example below. * Local = local IP/netmask * Remote = Monogoto pool IP address/mask, is taken from **step 3** ![](/files/-MMueuk_l9w7NVeNBjzJ) ![](/files/-MMufcc0ImTPP0swFcV3) ![](/files/-MMuqMmir5EgZTcc_NQN) ![](/files/-MT6qDIo_xhs1W_7Kw_D) 17\. To make NAT settings, please go to **Policies** tab and then select **NAT**. Below you can find example configurations. ![](/files/-MMvAEQbwFzbHM96fZeF) ![](/files/-MT6qY0foemul8J65_FY) ![](/files/-MMvAJPKemWBj9qZJvYd) 18\. To make Security settings, please go to **Policies** tab and then select **Security**. Below you can find example configuration. ![](/files/-MT6r2IwiNnuyHiv8qWk) 19\. Make Virtual Router settings. To access them please go to **Network** tab and select **Virtual Routers**. You may see a few examples below ![](/files/-MMvNb3OxGl1_-t8dZmK) ![](/files/-MMvQU_E4BUz3gt7SSkg) 20\. Please press on **Commit** button at the Right top corner to apply our configured settings in Palo Alto Network interface. ![](/files/-MMuzjL5sbnQpNX3BadI) 21\. Go back to Monogoto portal ***Network*** -> ***VPN.*** Check if our created VPN status is shown as Connected, if it is not, please press on **Refresh** button. ![](/files/0Dg20L1DYjfCKeaoRsJD) 22\. When the status of the VPN is Connected, you may check connection by doing a ping. You can do this by pressing on **Ping** button. ![](/files/B7yvBQ2NhzYFcGJW2eru) That's all, now the VPN tunnel is now connected. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.monogoto.io/advanced-console/platform/vpn-setup-examples/vpn-setup-with-palo-alto-networks-interface.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.