Configuring the remote site

The aim of this section is to reproduce on the remote site a configuration symmetrical with the one created on the main firewall.

Creating network objects

The objects are the same as those defined on the main Firewall. Please refer to section Configuring the main site, under Creating network objects.

Creating the IPsec tunnel

Please refer to section Configuring the main site, under Creating the IPsec tunnel. For the remote site, the fields to be entered in the wizard will have the following values:

Local network: Private_Net_Remote_Site,
Remote network: Private_Net_Main_Site,
Remote gateway: Pub_Main_FW,
Pre-shared key: the same password as the one entered on the main firewall.

Creating filtering rules

In the menu Configuration > Security policy > Filtering and NAT, select your filtering policy.
In the Filtering tab, click on the menu New rule > Standard rule.
In the case presented, a client workstation located on the local network of the remote site must be able to connect in HTTP to the intranet server located on the local network of the main site (rule no. 1). You can also temporarily add, for example, ICMP to test the setup of the tunnel more easily (rule no. 2). The filtering rule will look like this: