Configure Policies to Allow Mobile VPN with PPTP Traffic

Mobile VPN with PPTP users do not have access privileges through a XTM device by default. You must configure policies to allow PPTP users to get access to network resources. You can add new policies or edit existing policies.

If you assign addresses from a trusted network to PPTP users, the traffic from the PPTP user is not considered to be trusted. All Mobile VPN with PPTP traffic is untrusted by default. Regardless of assigned IP address, policies must be created to allow PPTP users access to network resources.

Allow PPTP Users to Access a Trusted Network

In this example, you add an Any policy to give all members of the PPTP-Users group full access to resources on all trusted networks.

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. In the Select a policy type section, select Packet Filter.
  4. From the adjacent drop-down list, select Any.
  5. In the Policy Name text box, type the policy name.
  6. Click Add Policy.
  7. In the From list, select Any-Trusted and click Remove.
  8. In the From list, click Add.
    The Add Member dialog box appears.
  9. From the Member Type drop-down list, select PPTP Group.
  10. Select PPTP-Users and click OK.
    The name of the authentication method appears in parenthesis .
    If the PPTP-Users group does not appear in the list, you must first define it for your device. For more information, see Use Authorized Users and Groups in Policies.
  11. In the To section, select Any-External and click Remove.
  12. In the To section, click Add.
    The Add Member dialog box appears.
  13. In the Select Members list, select Any-Trusted and click OK.
    Any-Trusted appears in the To list.
  14. Click Save.

For more information about policies, see Add Policies to Your Configuration.

Use Other Groups or Users in a PPTP Policy

Users must be a member of the PPTP-Users group to make a PPTP connection. When you configure a policy to give the PPTP users access to network resources, you can use the individual user name or any other group that the user is a member of.

To select add user or group other than PPTP-Users to a policy:

  1. Select Firewall > Firewall Policies.
  2. Double-click a policy.
    The Policy configuration page appears with the Policy tab selected.
  3. In the From section, click Add.
    The Add Member dialog box appears.
  4. From the Member Type drop-down list, select Firewall User or Firewall Group.
  5. Select the user or group you want to add and click OK.
    The user you selected appears in the From list.
  6. Click Save.

For more information on how to use users and groups in policies, see Use Authorized Users and Groups in Policies.

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base