In a default configuration, Mobile VPN with IPSec users have full access to XTM device resources with the Any policy. The Any policy allows traffic on all ports and protocols between the Mobile VPN user and the network resources available through the Mobile VPN tunnel. To restrict VPN user traffic by port and protocol, you can delete the Any policy and replace it with policies that restrict access.
In an IPSec policy, the Policy tab has these properties, which are different from the properties of a firewall policy:
The Advanced tab includes only the advanced settings that apply to VPN traffic.
Most other policy properties are the same as described in About Policy Properties.
When you create a Mobile VPN with IPSec profile, Fireware XTM automatically creates a Mobile VPN with IPSec Any policy that allows all traffic from users in the group to the resources available through the tunnel. Any additional Mobile VPN with IPSec policies you create are also associated with a Mobile VPN group.
If you edit the Mobile VPN with IPSec group profile to change the resources accessible through the tunnel, the Allowed Resources in the policies for that group are not updated automatically. If you want to update the Allowed Resources list, you must edit the existing policy.
To edit a Mobile VPN with IPSec Any policy:
The default IPSec policy is an Any policy. You can use Policy Manager to add other types of policies for mobile VPN traffic.
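Because Allowed Resources are not updated when the group profile changes, a policy can keep granting access to a network that was removed from the tunnel. The following audit sketch is an added example, not WatchGuard code: the dictionaries are a hypothetical export format (not the Fireware XTM configuration schema), and all names and addresses are constructed sample data.

```python
from ipaddress import ip_network

# Constructed sample data in a hypothetical export format: one Mobile VPN
# group profile (resources currently available through the tunnel) and the
# Mobile VPN with IPSec policies associated with that group.
PROFILE = {"group": "MVPN-Sales", "resources": ["10.0.1.0/24", "10.0.5.0/24"]}
POLICIES = [
    {"name": "MVPN-Sales-Any", "group": "MVPN-Sales", "type": "Any",
     "allowed_resources": ["10.0.1.0/24", "10.0.2.0/24"]},
    {"name": "MVPN-Sales-HTTPS", "group": "MVPN-Sales", "type": "HTTPS",
     "allowed_resources": ["10.0.1.0/25"]},
]

def covered(net, nets):
    """True if net lies entirely inside at least one network in nets."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)

def audit(profile, policies):
    """Return (policy name, issue, detail) findings for one Mobile VPN group."""
    tunnel = [ip_network(r) for r in profile["resources"]]
    findings = []
    for pol in policies:
        if pol["group"] != profile["group"]:
            continue
        allowed = [ip_network(r) for r in pol["allowed_resources"]]
        is_any = pol["type"] == "Any"
        if is_any:
            # The Any policy permits all ports and protocols to its resources.
            findings.append((pol["name"], "any-policy", "all ports and protocols"))
        # Stale: the policy still lists a network the profile no longer exposes.
        for net in allowed:
            if not covered(net, tunnel):
                findings.append((pol["name"], "stale-resource", str(net)))
        # Missing: only checked for the Any policy, which is meant to cover
        # every tunnel resource; narrower policies may list a subset on purpose.
        if is_any:
            for net in tunnel:
                if not covered(net, allowed):
                    findings.append((pol["name"], "missing-resource", str(net)))
    return findings

if __name__ == "__main__":
    for name, issue, detail in audit(PROFILE, POLICIES):
        print(f"{name}: {issue}: {detail}")
```

Each finding names a policy whose Allowed Resources list must be edited by hand, since the device does not do it for you.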