Allowing IPsec VPN access in filter policies
As an implicit filter rule manages the traffic needed to set up the IPsec VPN, the filter policy manages authenticated mobile users’ access to internal resources via the VPN.
In the module Configuration > Security policy > Filter - NAT > Filtering tab:
- In the filter policy, select the row below the one in which you wish to add the rule allowing mobile users to use the IPsec VPN.
- Click on New rule.
- Select Simple rule.
A new line will appear.
- In the newly added row, double-click on the cell in the Action column.
The configuration window of the rule opens.
- In the Action field, select pass.
- Select the Source menu on the left side of the configuration window.
- In the User field, select the group of users allowed to set up IPsec VPN tunnels (Mobile Users@stormshield.eu in the example).
- Click on the Advanced properties tab in the Source menu.
- For the Via field, select IPsec VPN tunnel.
- For the Authentication method field, select IPsec VPN.
- Select the Destination menu on the left side of the configuration window.
- Click on Add in the Destination hosts grid.
- Select the network that mobile users can access through the IPsec VPN tunnel (object Local_Network_Authorized_IPsec in the example).
- Select the Inspection menu on the left side of the configuration window.
- In the Inspection profile field, select the IPS profile that contains the TCP-UDP profile with the MSS option (IPS_03 in the example).
- Click OK.
- Double-click on the cell corresponding to the Status column to enable this rule.
Its status will switch to ON.
- Click on Save and apply, then on Yes, activate the policy.
The filter rule configured is therefore: