Update the Access Control Policy on the Secure Firewall Threat Defense Device
Before deploying the remote access VPN policy, you must update the access control policy on the targeted Secure Firewall Threat Defense device with a rule that allows VPN traffic. The rule must allow all traffic coming in from the outside interface, with the defined VPN pool networks as the source and the corporate network as the destination.
Note | If you have selected the Bypass Access Control policy for decrypted traffic (sysopt permit-vpn) option on the Access Interface tab, you do not need to update the access control policy for remote access VPN. This option is enabled or disabled for all your VPN connections at once. If you disable this option, make sure that the traffic is allowed by the access control policy or pre-filter policy. For more information, see Configure Access Interfaces for Remote Access VPN.
Before you begin
Complete the remote access VPN policy configuration using the Remote Access VPN Policy wizard.
Procedure
Step 1 | On your Secure Firewall Management Center web interface, choose Policies > Access Control.
Step 2 | Click Edit on the access control policy that you want to update.
Step 3 | Click Add Rule to add a new rule.
Step 4 | Specify the Name for the rule and select Enabled.
Step 5 | Select the Action: Allow or Trust.
Step 6 | Select the following on the Zones tab:
Step 7 | Select the following on the Networks tab:
Step 8 | Configure other required access control rule settings and click Add.
Step 9 | Save the rule and access control policy.
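The following added example (not Cisco code and not part of the original procedure) checks that a rule matches the scope stated at the top of this page: traffic from the outside interface, sourced from the VPN pool networks, destined for the corporate network. The rule dictionary layout, the zone name, and all addresses are constructed assumptions; this is not the Management Center export or API format.

```python
import ipaddress

# Constructed sample values; substitute your own VPN pool and corporate ranges.
VPN_POOLS = [ipaddress.ip_network("10.99.0.0/24")]
CORPORATE = [ipaddress.ip_network("10.10.0.0/16")]
OUTSIDE_ZONE = "outside"  # hypothetical zone name for the outside interface


def _within(nets, allowed):
    """True when nets is non-empty and every entry falls inside an allowed range."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    return bool(parsed) and all(
        any(p.version == a.version and p.subnet_of(a) for a in allowed)
        for p in parsed
    )


def audit_vpn_rule(rule):
    """Return findings for a rule dict (hypothetical layout); an empty list means OK."""
    findings = []
    if not rule.get("enabled"):
        findings.append("rule is not enabled")
    if rule.get("action") not in ("Allow", "Trust"):
        findings.append("action must be Allow or Trust")
    if rule.get("source_zones") != [OUTSIDE_ZONE]:
        findings.append("source zone must be only the outside zone")
    # An empty network list is treated as 'any', which is broader than intended.
    if not _within(rule.get("source_networks", []), VPN_POOLS):
        findings.append("source networks exceed the VPN pool networks")
    if not _within(rule.get("destination_networks", []), CORPORATE):
        findings.append("destination networks exceed the corporate network")
    return findings


# Constructed rules: one scoped as the page describes, one left too broad.
GOOD = {"name": "RA-VPN-In", "enabled": True, "action": "Allow",
        "source_zones": ["outside"],
        "source_networks": ["10.99.0.0/24"],
        "destination_networks": ["10.10.20.0/24"]}
TOO_BROAD = {"name": "RA-VPN-Any", "enabled": True, "action": "Trust",
             "source_zones": ["outside"],
             "source_networks": ["0.0.0.0/0"],
             "destination_networks": []}

if __name__ == "__main__":
    for r in (GOOD, TOO_BROAD):
        print(r["name"], audit_vpn_rule(r) or "ok")
```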