The table

Line: This column indicates the number of the line, processed in order of appearance on the screen.
Status: This column shows the status of the tunnel. When a tunnel is created, it is enabled by default. Click twice to disable it.
Name: A name can be given to this IPsec rule so that it will be easier to look for events that involve this rule in logs.
Local network: Select, from the drop-down list of objects, the host, host group, network or network group that will be accessible via the IPsec VPN tunnel.
Peer: Configuration of the peer, which can be viewed in the tab of the same name in the IPsec VPN module.
Remote network: Select, from the drop-down list of objects, the host, host group, network or network group accessible through the IPsec tunnel with the peer.

This option makes it possible to restrict the setup of IPsec tunnels to traffic based on specific protocols:

  • TCP
  • UDP
  • ICMP
  • GRE
  • All

Encryption profile: This option allows selecting the protection model associated with your VPN policy, from 3 preconfigured profiles: StrongEncryption, GoodEncryption and Mobile. Other profiles can be created or modified in the Encryption profiles tab.
Comments: Description given of the VPN policy.
Keep alive

The additional Keepalive option makes it possible to artificially maintain mounted tunnels. This mechanism sends packets that initialize the tunnel and force it to be maintained. This option is disabled by default to avoid wasting resources, especially in the case of a configuration containing many tunnels set up at the same time without any real need for them.

To enable this option, assign a value other than 0, corresponding to the interval, in seconds, between each UDP packet sent.

Checking the policy in real time

The window for editing IPsec policy rules has a “Check policy” field (located below the table), which warns the administrator whenever there are inconsistencies or errors in the rules created.
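
The following is an added example, not the product's own code: an offline review of an exported rule list modelled on the table's columns. The Rule class, its field names and the specific checks (overlapping networks, rules whose traffic matches two peers, invalid keepalive values) are assumptions about what an inconsistency can be, not the firewall's actual "Check policy" logic.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

PROTOCOLS = {"TCP", "UDP", "ICMP", "GRE", "All"}  # values listed in the table

@dataclass
class Rule:  # hypothetical model of one table row; networks given as CIDR strings
    line: int
    enabled: bool
    name: str
    local: str
    peer: str
    remote: str
    protocol: str = "All"
    keepalive: int = 0  # seconds between keepalive packets, 0 = disabled

def check_policy(rules):
    """Return (line, message) findings; the checks themselves are assumptions."""
    findings = []
    for r in rules:
        if r.protocol not in PROTOCOLS:
            findings.append((r.line, f"unknown protocol {r.protocol!r}"))
        if r.keepalive < 0:
            findings.append((r.line, "keepalive must be 0 or an interval in seconds"))
        if ip_network(r.local).overlaps(ip_network(r.remote)):
            findings.append((r.line, "local and remote networks overlap"))
    # Disabled rules set up no tunnel, so only enabled rules are compared.
    for a, b in combinations([r for r in rules if r.enabled], 2):
        shared_proto = a.protocol == b.protocol or "All" in (a.protocol, b.protocol)
        if (shared_proto
                and ip_network(a.local).overlaps(ip_network(b.local))
                and ip_network(a.remote).overlaps(ip_network(b.remote))):
            kind = "duplicate of" if a.peer == b.peer else "ambiguous peer with"
            findings.append((b.line, f"{kind} line {a.line}: same traffic matches both"))
    return findings

# Constructed sample policy (names, peers and addresses are made up).
RULES = [
    Rule(1, True, "hq-branch", "192.168.1.0/24", "peer_branch", "10.1.0.0/16"),
    Rule(2, True, "hq-dc", "192.168.1.0/24", "peer_dc", "10.1.2.0/24", "TCP"),
    Rule(3, False, "retired", "192.168.1.0/24", "peer_old", "10.1.0.0/16"),
    Rule(4, True, "lab", "172.16.0.0/16", "peer_lab", "172.16.5.0/24", keepalive=-5),
]

if __name__ == "__main__":
    for line, message in check_policy(RULES):
        print(f"line {line}: {message}")
```

Line 3 of the sample is disabled and therefore never reported against line 1, even though its networks are identical.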