Policy-Based VPN Creation Using Address Objects and Protected Resources Overview

The policy-based VPN creation methods are as follows:

Configuring Address Objects

You must create address objects to represent your network components in the UI. For details on creating and configuring address objects, see the Network and Security Manager Administration Guide.

Configuring Protected Resources

You should determine your protected resources first to help you identify the devices you need to include in the VPN. After you know what you want to protect, you can use VPN Manager or manually configure your security devices to create the VPN. A protected resource object represents the network components (address objects) and services (service objects) you want to protect and the security device that protects them.

The address specifies secured destination, the service specifies the type of traffic to be tunneled, and the device specifies where the VPN terminates (typically an outgoing interface in untrust zone). In a VPN rule, protected resources are the source and destination IP addresses.

When creating protected resources:

For more details on creating protected resources, see the Network and Security Manager Administration Guide.

Related Documentation