Adding VPN Rules to a Security Policy Overview

To create a policy-based VPN or to add access policies to a route-based VPNs, you must add a VPN rule to a security policy for each device in the VPN.

Adding a VPN rule is a three-stage process:

Configuring the VPN

In security policies, select a predefined security policy (or create a policy), and add a VPN rule. Right-click in the Source Address, Destination Address, Action, or Install On column and select Configure VPN to display the Configure VPN dialog box.

Configuring the Security Policy

To configure the remaining columns for the VPN rule:

You do not need to configure the action—NSM automatically defines the action as tunnel. You can also configure traffic shaping, options, authentication, antivirus, or attack protection for the VPN rule. For details on configuring these rule options, see the Network and Security Manager Administration Guide.

To deny a host, use a deny rule before the VPN rule.

Assigning and Installing the Security Policy

You must assign the security policy to each VPN member and install the security policy on those devices before the VPN is active.

Related Documentation