|Line||This column indicates the number of the line processed in order of appearance on the screen.|
|Status||This column shows the status of the tunnel. When a tunnel is created, it is enabled by default. Click twice to disable it.|
|Name||A name can be given to this IPSec rule so that it will be easier to look for events that involve this rule in logs.|
|Local network||Select the host, host group, network or network group that will be accessible via the IPSec VPN tunnel, from the drop-down list of objects.|
|Peer||Configuration of the peer, which can be viewed in the tab of the same name in the IPSec VPN module.|
|Remote network||Select the host, host group, network or network group accessible through the IPSec tunnel with the peer, from the drop-down list of objects.|
This option makes it possible to restrict the setup of IPSec tunnels to traffic based on specific protocols:
|Encryption profile||This option allows selecting the protection model associated with your VPN policy, from 3 preconfigured profiles: StrongEncryption, GoodEncryption and Mobile. Other profiles can be created or modified in the tab Encryption profiles.|
|Comments||Description given of the VPN policy.|
The additional Keepalive option makes it possible to artificially maintain mounted tunnels. This mechanism sends packets that initialize the tunnel and force it to be maintained. This option is disabled by default to avoid wasting resources, especially in the case of a configuration containing many tunnels set up at the same time without any real need for them.
This option is only valid for site-to-site tunnels. It can be enabled by selecting the value Keepalive in the Columns menu, which appears when you move the mouse over the header of the columns in the table.
|Keep alive||To enable this option, assign a value other than 0, corresponding to the interval, in seconds, between each UDP packet sent.|
Checking the policy in real time
The window for editing IPSec policy rules has a “Check policy” field (located below the table), which warns the administrator whenever there are inconsistencies or errors in the rules created.