Allowing IPsec VPN access in filter policies
In the module Configuration > Security policy > Filter - NAT > Filtering tab:
- In the filter policy, select the row below the one in which you wish to add the rule allowing mobile users to use the IPsec VPN.
- Click on New rule.
- Select Simple rule.
A new line will appear.
- In the newly added row, double-click on the cell in the Action column.
The configuration window of the rule opens.
The Action section on the left in this configuration window is automatically selected.
- In the Action field, select pass.
- Select the Source menu on the left side of the configuration window.
- In the User field, select the group of users allowed to set up IPsec VPN tunnels.
- Click on the Advanced properties tab in the Source menu.
- For the via field, select IPsec VPN tunnel.
- For the Authentication method field, select IPsec VPN.
- Select the Destination menu on the left side of the configuration window.
- Click on Add in the Destination hosts grid.
- Select the networks that mobile users can access through the IPsec VPN tunnel (objects Local_Network_Authorized_IPsec and Local_Network_Authorized_IPsec2 in the example).
- Select the Inspection menu on the left side of the configuration window.
- In the Inspection profile field, select the IPS profile that contains the TCP-UDP profile with the MSS option (IPS_03 in the example).
- Click OK.
- Double-click on the cell corresponding to the Status column to enable this rule.
Its status will switch to ON.
The filter rule configured is therefore: