User manual
- BaseWall VPN 6000 user manual -
possibilities.
20.3 Modify a policy
To modify a policy's routes, you can use the following procedure:
➔ Select the policy in the policy selection pulldown menu.
➔ Use the context menu of the relevant routes to select and/or deselect routes.
➔ Use the “update” button to apply these changes to the policy.
20.4 Removing a policy
It's possible to remove a policy by selecting the policy in the policy selection
pulldown menu and then pushing the “delete” button. You will have to confirm
the removal by pushing the “remove” button that then appears.
20.5 Specific local addresses
Normally, when you select the firewall as a source or destination of the policy,
it doesn't matter which specific local address the traffic is destined for.
Therefore any address on all local devices matches the policy.
But for certain setups this behavior is unwanted. For example, if you set up the
firewall to provide 1-on-1 NAT translation, mapping a secondary firewall
address to an internal host, you need a way to select this secondary address.
When an IP address is given in the field below the subject “Specific local
address(es)”, this policy will only match traffic using the given address.
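The matching rule described in this section can be modelled as follows. This is an added illustration, not BaseWall code: the Policy class, the policy name and all addresses are constructed for the example. It shows that a policy meant for the 1-on-1 NAT address also matches every other local address unless a specific local address is set.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: addresses owned by the firewall (documentation ranges).
LOCAL_ADDRESSES = {
    ip_address("192.0.2.1"),    # primary external address
    ip_address("192.0.2.10"),   # secondary address mapped 1-on-1 to an internal host
    ip_address("10.0.0.1"),     # internal interface
}

@dataclass(frozen=True)
class Policy:
    """Hypothetical model of a policy whose destination is the firewall."""
    name: str
    port: int
    specific_local: frozenset = frozenset()  # empty: any local address matches

    def matches(self, dst, port):
        dst = ip_address(dst)
        # Traffic must use the policy's port and be addressed to the firewall.
        if port != self.port or dst not in LOCAL_ADDRESSES:
            return False
        # No specific address given: every local address matches.
        # Otherwise only the listed address(es) match.
        return not self.specific_local or dst in self.specific_local

def matching_addresses(policy, port):
    """Return the local addresses on which the policy matches traffic to port."""
    return [str(a) for a in sorted(LOCAL_ADDRESSES) if policy.matches(a, port)]

# Same policy without and with a specific local address.
broad = Policy("https-to-nat-host", 443)
narrow = Policy("https-to-nat-host", 443, frozenset({ip_address("192.0.2.10")}))

if __name__ == "__main__":
    print("without specific address:", matching_addresses(broad, 443))
    print("with specific address:   ", matching_addresses(narrow, 443))
```

When reviewing a rule set, a policy that was written for a NAT mapping but matches more than the mapped address is the case to look for.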
20.6 IPSec options
The first option found in the ports screen of a policy is the IPSec setup.
Together with the IPSec Authentication of the remote gateway this policy
option defines an IPSec tunnel.
The purpose of this option is to turn this policy into a description of which
traffic should be encrypted. There are two pulldown menus: IPSec type and
Direction.
IPSec type is used to choose between the different types of IPSec. For normal
everyday tunnels this will be set to “esp”.
The Direction is used to provide some extra information about the direction of
the tunnel. Basically there are two different setups possible. In both setups
there are two policies for one tunnel, one defining the traffic going to the
remote network, and one defining the traffic coming from the remote network.
Normally the outgoing policy will get a direction of “out” and the incoming
policy the direction of “in”. But in situations where there is a wish to set up
different port lists for the different directions it is possible to let one policy
define both directions. The other policy can be left on IPSec type “none” in that
situation.