Allowing IPSec VPN access in filter policies
In the module Configuration > Security policy > Filter - NAT > Filtering tab:
- In the filter policy, select the row below the one in which you wish to add the rule allowing mobile users to use the IPSec VPN.
- Click on New rule.
- Select Simple rule.
A new line will appear.
- In the newly added row, double-click on the cell in the Action column.
The configuration window of the rule opens.
The Action section on the left in this configuration window is automatically selected.
- In the Action field, select pass.
- Select the Source menu on the left side of the configuration window.
- In the User field, select the group of users allowed to set up IPSec VPN tunnels.
- Click on the Advanced properties tab in the Source menu.
- For the via field, select IPSec VPN tunnel.
- For the Authentication method field, select IPSec VPN.
- Select the Destination menu on the left side of the configuration window.
- Click on Add in the Destination hosts grid.
- Select the networks that mobile users can access through the IPSec VPN tunnel (objects Local_Network_Authorized_IPSec and Local_Network_Authorized_IPSec2 in the example).
- Select the Inspection menu on the left side of the configuration window.
- In the Inspection profile field, select the IPS profile that contains the TCP-UDP profile with the MSS option (IPS_03 in the example).
- Click OK.
- Double-click on the cell corresponding to the Status column to enable this rule.
Its status will switch to ON.