Define Custom Tunnel Policies
Tunnel policies are sets of rules that apply to connections through a BOVPN tunnel. By default, any new manual VPN tunnel you add is automatically added to the BOVPN-Allow.in and BOVPN-Allow.out policies, which allow all traffic through the tunnel. In the tunnel settings, you can clear the Add this tunnel to the BOVPN-Allow policies check box so that the tunnel is not added to these policies. For more information, see Define a Tunnel.
If you do not add the tunnel to the default BOVPN policies, you must create a custom VPN policy for the types of traffic you want to allow. You can also use the default BOVPN policies and configure additional BOVPN policies for other types of traffic, such as HTTP traffic.
In Policy Manager, you can use the BOVPN Policy Wizard to create a pair of VPN policies to allow traffic to pass through a branch office VPN tunnel. The BOVPN Policy Wizard is not available in Fireware Web UI.
To run the BOVPN Policy Wizard:
- In Policy Manager, select VPN > Create BOVPN Policy.
The BOVPN Policy Wizard starts.
- In the Policy Name Base text box, type a name to identify these policies.
The name you choose is prepended to ".in" and ".out" to create the firewall policy names for incoming and outgoing tunnels, respectively. For example, if you use “williams” as the name base, the wizard creates the policies “williams.in” and “williams.out.”
- Select the Firewall Policy Type. You can select any packet filter or proxy policy type.
The policy type specifies the type of traffic that the policies the wizard creates apply to.
- Click Add to select the BOVPN tunnels to add to this policy.
The wizard creates policies to allow traffic to pass through the BOVPN tunnels you specify.
- (Optional) Select the Create aliases for the selected incoming and outgoing tunnels check box, and specify an alias.
As with the policy name, the name you specify is prepended to ".in" and ".out" to create the alias names for incoming and outgoing tunnels, respectively. You can use these aliases in other policies.
We recommend that you create an alias when you create policies for many BOVPN tunnels. Include those tunnels in the alias. You can then modify the alias as you add or remove tunnels, rather than create a new policy for each set of tunnels. For information on how to create an alias, see Create an Alias.
- Click Next.
The Finish page of the wizard lists the policies and aliases the wizard created.
- Click Finish to exit the wizard.