In the menu Configuration > Security policy > Filtering and NAT, select your filtering policy.
In the Filtering tab, click New rule > Standard rule. In the case presented, a client workstation on the local network of the remote site must be able to connect over HTTP to the intranet server on the local network of the main site (rule no. 1). You can also temporarily add a rule for another protocol, for example ICMP, to make it easier to test the tunnel setup (rule no. 2). The filtering rule will look like this: