Adding a location and getting a Gateway token
This documentation will guide you through adding a new location and proceeding with the Gateway deployment, enabling your devices to connect to it via VPN.
Adding a location in Defguard Core
Please remember that one gateway corresponds to one VPN location.
You can also deploy multiple gateways for one location for High Availability.
Go to the address you set on DEFGUARD_URL
with your browser and sign in using the credentials you set up during Core deployment.
Go to the VPN Overview module from the main menu and click the Edit Locations settings.

Then click the Add new location tab.

Depending on what is more convenient for you, choose configuration from Wireguard file or do it manually.


After saving configuration for location you should be redirect to Location overview page, where at the top right corner is Edit Locations Settings
button, click on it.

In Gateway server setup
copy two variables: DEFGUARD_TOKEN
and DEFGUARD_GRPC_URL

Also, if core has a custom SSL CA to secure gRPC communication, you need the CA certificate (more here).
Deploy the Gateway service
Proceed with deploying your Gateway service using the selected deployment strategy:
You can also check our guides on running Gateway on OPNsense firewall or MikroTik router.
If everything went well, Defguard Gateway should be connected to Defguard Core and you can start adding new devices to your network.
Last updated
Was this helpful?