12.12.1. Configuring server rules

You configure server rules at the vpn server-rules level. For more details on the structure of the command to configure server rules, see Configuring rules using UPL.

You need to specify the following parameters. Each parameter is listed below, followed by its description.

PASS or OK

Action to create a rule using UPL.

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

If this parameter is omitted when the rule is created, the rule is enabled by default.

name

VPN server rule name.

Example: name("VPN server rule example").

desc

A description of the rule.

Example: desc("VPN server rule example configured in CLI").

profile

VPN security profile that defines a pre-shared encryption key and algorithms for encryption and authentication. Example: profile("Client VPN profile").

For more details on configuring security profiles, see Configuring VPN security profiles.

vpn_network

VPN network. Example: vpn_network("VPN network example").

For more details about how to configure VPN using CLI, see Configuring a VPN Network.

auth_profile

Authentication profile for VPN users. You can use the same auth profile used to authenticate users to obtain access to the Internet. Note that transparent authentication methods such as Kerberos, NTLM, or SAML IDP cannot be used for VPN authorization.

To specify a profile: auth_profile("Example user auth profile").

For more details about how to create and configure auth profiles using CLI, see Configuring authentication profiles.

interface

VPN interface to connect VPN clients. For example, to specify the interface tunnel1: interface(tunnel1).

For more information about how to add and configure VPN interfaces, see Configuring a VPN device.

src.zone

Zone from which VPN connections are allowed.

Example of setting source zone: src.zone = Untrusted.

For more details about configuring zones using the CLI, see Zones.

src.ip

Lists of IP addresses or domains from which VPN connections are allowed.

Example for IP addresses: src.ip = lib.network(). Specify the name of the IP address list in parentheses. For more details about how to create and configure IP address lists using the CLI, see Configuring IP addresses.

Example for domains: src.ip = lib.url(). Specify, in parentheses, the name of the URL list to which the required domains were added. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.

user

Users and user groups allowed to connect via VPN.

To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors).

The following line shows how to add a local user (local_user), a local group (Local Group), an LDAP user (example.loc\AD_user), and an LDAP group (AD group):

user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC=example, DC=loc")

The Active Directory domain example.loc has already been configured. When adding LDAP users and groups, you can specify a list of paths (search bases) on the server from which the system starts searching for users and groups.

dst.ip

Lists of IP addresses of the interface to which the VPN clients will connect.

To specify an IP address list: dst.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses.
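Putting the parameters above together into one server rule, as an added example that is not part of the original documentation: the element forms are the ones shown in this section, while the list names "VPN clients" and "VPN gateway" are placeholders, and the whitespace layout between elements is assumed (see Configuring rules using UPL for the authoritative rule syntax). The rule restricts who may connect along three axes at once: source zone, source address list, and an explicit LDAP group, rather than leaving any of them open.

```text
PASS
  enabled(true)
  name("VPN server rule example")
  desc("VPN server rule example configured in CLI")
  profile("Client VPN profile")
  vpn_network("VPN network example")
  auth_profile("Example user auth profile")
  interface(tunnel1)
  src.zone = Untrusted
  src.ip = lib.network("VPN clients")
  user = ("CN=AD group, OU=Example, DC=example, DC=loc")
  dst.ip = lib.network("VPN gateway")
```

Because auth_profile must not rely on a transparent method (Kerberos, NTLM, SAML IDP), check that "Example user auth profile" uses an interactive method before applying the rule, and keep the user element limited to the groups that actually need remote access.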