Allowing IPsec VPN access in filter policies

In the module Configuration > Security policy > Filter - NAT > Filtering tab:

  1. In the filter policy, select the row below the one in which you wish to add the rule allowing mobile users to use the IPsec VPN.
  2. Click on New rule.
  3. Select Simple rule.
    A new line will appear.
  4. In the newly added row, double-click on the cell in the Action column.
    The configuration window of the rule opens.
    The Action section on the left in this configuration window is automatically selected.
  5. In the Action field, select pass.
  6. Select the Source menu on the left side of the configuration window.
  7. In the User field, select the group of users allowed to set up IPsec VPN tunnels.
  8. Click on the Advanced properties tab in the Source menu.
  9. For the via field, select IPsec VPN tunnel.
  10. For the Authentication method field, select IPsec VPN.
  11. Select the Destination menu on the left side of the configuration window.
  12. Click on Add in the Destination hosts grid.
  13. Select the networks that mobile users can access through the IPsec VPN tunnel (objects Local_Network_Authorized_IPsec and Local_Network_Authorized_IPsec2 in the example).
  14. Select the Inspection menu on the left side of the configuration window.
  15. In the Inspection profile field, select the IPS profile that contains the TCP-UDP profile with the MSS option (IPS_03 in the example).
  16. Click OK.
  17. Double-click on the cell corresponding to the Status column to enable this rule.
    Its status will switch to ON.

The filter rule configured is therefore: