Configuring firewall policies on HQ
- To create firewall policies on HQ, go to Policy & Objects > IPv4 Policies and select Create New.
- Enter From-HQ-to-Branch for the Name, the LAN-side interface on HQ for Incoming Interface (in the example, internal), and the VPN tunnel interface for Outgoing Interface (in the example, VPN-to-Branch).
- For the Source, select HQ-original, for the Destination select Branch-new, and for the Service select ALL.
- Finally, enable NAT, select Use Dynamic IP Pool, and select the HQ-new IP Pool.
- Repeat the process to create an additional new IPv4 Policy.
- Enter From-Branch-to-HQ for the Name, the VPN interface for Incoming Interface (in the example, VPN-to-Branch), and the LAN-side interface for Outgoing Interface (in the example, internal).
- For the Source, select Branch-new, for the Destination select HQ-new-to-original (the Virtual IP object you created in the "Configuring static routes on HQ" section), and for the Service select ALL.
- Note that for this policy, you do not need to enable NAT.
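
The two policies above, written as the equivalent FortiOS CLI configuration. This is an added example, not part of the original page; it reuses the object names from the steps and assumes `action accept` and `schedule "always"`, which the steps do not state.

```fortios
# Added example: CLI form of the two GUI policies described above.
# Object and interface names come from the steps; "action accept" and
# schedule "always" are assumptions, not values stated on the page.
config firewall policy
    # "edit 0" lets FortiOS assign the next free policy ID.
    edit 0
        set name "From-HQ-to-Branch"
        set srcintf "internal"
        set dstintf "VPN-to-Branch"
        set srcaddr "HQ-original"
        set dstaddr "Branch-new"
        set action accept
        set schedule "always"
        set service "ALL"
        # Source NAT out of the HQ-new IP pool, so the branch only sees
        # the remapped HQ range.
        set nat enable
        set ippool enable
        set poolname "HQ-new"
    next
    edit 0
        set name "From-Branch-to-HQ"
        set srcintf "VPN-to-Branch"
        set dstintf "internal"
        set srcaddr "Branch-new"
        # The Virtual IP object translates the remapped destination back
        # to the original HQ addresses, so no NAT is enabled here.
        set dstaddr "HQ-new-to-original"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Running `show firewall policy` afterwards lets you check that only the HQ-to-Branch policy carries `set nat enable` and the IP pool.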