The table
Line | This column indicates the number of the line processed in order of appearance on the screen. |
Status | This column shows the status of the tunnel. When a tunnel is created, it is enabled by default. Click twice to disable it. |
Name | A name can be given to this IPsec rule so that it will be easier to look for events that involve this rule in logs. |
Local network | Select the host, host group, network or network group that will be accessible via the IPsec VPN tunnel, from the drop-down list of objects. |
Peer | Configuration of the peer, which can be viewed in the tab of the same name in the IPsec VPN module. |
Remote network | Select the host, host group, network or network group accessible through the IPsec tunnel with the peer, from the drop-down list of objects. |
Protocol | This option makes it possible to restrict the setup of IPsec tunnels to traffic based on specific protocols: |
Encryption profile | This option allows selecting the protection model associated with your VPN policy, from 3 preconfigured profiles: StrongEncryption, GoodEncryption and Mobile. Other profiles can be created or modified in the Encryption profiles tab. |
Comments | Description given of the VPN policy. |
Keep alive | The additional Keepalive option makes it possible to artificially maintain mounted tunnels. This mechanism sends packets that initialize the tunnel and force it to be maintained. This option is disabled by default to avoid wasting resources, especially in the case of a configuration containing many tunnels set up at the same time without any real need for them. |
Checking the policy in real time
The window for editing IPsec policy rules has a “Check policy” field (located below the table), which warns the administrator whenever there are inconsistencies or errors in the rules created.