This tutorial will show you how to configure a VPN between a SBG and a USG, while this will focus on the SBGs configuration parts.
1. Configure the VPN on USG Site ( https://www.youtube.com/watch?v=svaZREZEiAE )
2. Access your device by entering its IP address in the browser address line and login by using the device’s credential
3. Navigate to VPN > IPSEC VPN
4. Add a new Entry
5. Only have the Nailed-up option enabled on one site of the tunnel
6. Choose Site-to-Site
7. Choose as "My Address" your WAN connection
8. Type in the Peer Gateway Address, which is the address on the other site of the tunnel
9. Set up Key Exchange Mode to Auto and enter the preshared key, which also has been set up on the USG's site
10. Set up the Encryption to AES128 and Authentication to SHA1, then press on the button "Add"
11. In Phase 2 set up SA Life Time to 28800 and add AES192 as Encryption
12. In Policy set your local and remote IP subnet and also check the "Force SBG Go VPN Tunnel"
Now you might need to connect the tunnel once. Please note that the mentioned values for the tunnel are recommended values to ensure a good throughput and security equally.