Prerequisites for Configuring Site-to-Site VPN for On-Prem Management Center-managed Threat Defense

Make sure that the on-prem management center has been successfully added to the CDO platform, and the threat defense devices are running version 7.2.x or later.

Enable the Discover & Manage Network Objects on CDO to discover objects from your on-prem management center, which you can share, manage, and use to set consistent object definitions across other platforms managed by CDO. See Discover and Manage On-Prem Firewall Management Center Network Objects.

The virtual tunnel interface (VTI) used by the tunnel must already exist on the on-prem management center-managed threat defense devices. CDO does not provide the functionality to create interfaces on these devices, instead it only displays pre-existing interfaces. Therefore, to create new VTIs, you need to configure them from the on-prem management center before creating a tunnel in CDO.

The on-prem management center must have a preconfigured access list and a policy-based routing to enable traffic routing and tunnel operation.