Configuring Client Rules

You configure client rules at the vpn client-rules level. For more details on the structure of the command to configure client rules, see the Configuring Rules Using UPL section.

To create a VPN client rule, use the following command:

Admin@nodename# create vpn client-rules <position> upl-rule <parameters>

You need to specify the following parameters:

| Parameter | Description |
|---|---|
| PASS, OK | Action to create a rule using UPL. |
| enabled | Enable/disable a rule: enabled(yes) or enabled(true); enabled(no) or enabled(false). |
| name | VPN client rule name. Example: name("VPN client rule example"). |
| desc | VPN client rule description. Example: desc("VPN client rule example set in CLI"). |
| profile | VPN security profile that defines a pre-shared encryption key and algorithms for encryption and authentication. Example: profile("Client VPN profile"). For more details on configuring security profiles, see the Configuring VPN Security Profiles section. |
| interface | VPN interface to connect VPN clients. To specify an interface, for example, tunnel1: interface(tunnel1). For more information about how to add and configure VPN interfaces, see the VPN Device Settings section. |
| server_address | IP address of the VPN server to which this VPN client connects. It is usually the IP address of an interface in the Untrusted zone on NGFW that acts as a VPN server. Format: server_address("1.2.3.4"). |

When displaying rules, the last VPN error, the connection status, and the connection time will be displayed in addition to the specified conditions and properties.

Example of creating a VPN client rule:

Admin@nodename# create vpn client-rules 2 upl-rule OK \
...name("Test VPN client rule") \
...desc("Test VPN client rule description") \
...profile("Client VPN profile") \
...interface(tunnel3) \
...server_address("10.10.0.1") \
...enabled(true) \

To edit a VPN client rule, use the following command:

Admin@nodename# set vpn client-rules <position> upl-rule <parameters>

To remove a VPN client rule, use the following command:

Admin@nodename# delete vpn client-rules <position>

To view parameters for VPN client rules that were created, use the following command:

Admin@nodename# show vpn client-rules <position>