1. Login to the Monogoto portal and go to Network.

2. Edit your “data.mono” network.

3. Go to Address Pools and copy IP Address/Mask.

4. Go to Routes and copy Gateway IP.

5. Now we need to add a Route to the VPN in Monogoto portal -> Network -> Routes section and Add new

• Destination = VPN IP address and mask

• Gateway = select Monogoto gateway

• Save and Close -> Apply Settings

6. Lets add a VPN on Monogoto portal. Please go to Network -> VPN section and Add new VPN.

• Destination IP Address = Palo Alto Networks Tunnel Outside IP Address

• Destination Network = Palo Alto Networks VPC IPv4 CIDR

• Pool Name = Select your pool

• Save and Close -> Apply Settings

7. Now that we have created VPN on Monogoto end, download a VPN config file that will have all of the needed information for VPN configuration on Palo Alto Networks end.

8. Go to Palo Alto Networks user interface.

9. Switch to Network tab, then under Network Profiles go to IKE Crypto and press on button Add. Please see configuration example below

10. The next step is to create IKE Gateway. In Network tab, under Network Profiles go to IKE Gateways and press on button Add.

11. Configure IKE Gateway, you may see example settings below.

• Local IP Address = select your local IP address

• Peer Address = is taken from Step 4, it is a Route Gateway from Monogoto portal

• IKE Crypto Profile = select a profile we have created in step 6

12. Next what we want to do is to create a security zone. In Network tab go to Zones and press on Add button. You may see configuration example below.

13. In order for Palo Alto Network to respond to ping we need to create a management profile. In Network tab, under Network Profiles go to Interface Mgmt and press on button Add. You may see configuration example below.

14. Now we need to add a Tunnel. In Network tab go to Interfaces, select a sub tab Tunnel and press on Add button. You may see configuration example below.

15. Now we want to create IPSec Crypto profile. In Network tab go to Network Profiles, select IPSec Crypto and press on Add button. You may see configuration example below.

16. Lets now add a IPSec tunnel. In Network tab go to IPSec Tunnels and press on Add button. You may see configuration example below.

• Local = local IP/netmask

• Remote = Monogoto pool IP address/mask, is taken from step 3

17. To make NAT settings, please go to Policies tab and then select NAT. Below you can find example configurations.

18. To make Security settings, please go to Policies tab and then select Security. Below you can find example configuration.

19. Make Virtual Router settings. To access them please go to Network tab and select Virtual Routers. You may see a few examples below

20. Please press on Commit button at the Right top corner to apply our configured settings in Palo Alto Network interface.

21. Go back to Monogoto portal Network -> VPN. Check if our created VPN status is shown as Connected, if it is not, please press on Refresh button.

22. When the status of the VPN is Connected, you may check connection by doing a ping. You can do this by pressing on Ping button.

That's all, now the VPN tunnel is now connected.