You configure client rules at the vpn client-rules level. For more details on the structure of the command to configure client rules, see the Configuring Rules Using UPL section.
To create a VPN client rule, use the following command:
Admin@nodename# create vpn client-rules <position> upl-rule <parameters>
You need to specify the following parameters:
Parameter | Description |
---|---|
PASS OK | Action to create a rule using UPL. |
enabled | Enable/disable a rule: |
name | VPN client rule name. Example: name("VPN client rule example"). |
desc | VPN client rule description. Example: desc("VPN client rule example set in CLI"). |
profile | VPN security profile that defines a pre-shared encryption key and algorithms for encryption and authentication. Example: profile("Client VPN profile"). For more details on configuring security profiles, see the Configuring VPN Security Profiles section. |
interface | VPN interface to connect VPN clients. Example, to specify tunnel1: interface(tunnel1). For more information about how to add and configure VPN interfaces, see the VPN Device Settings section. |
server_address | IP address of the VPN server to which this VPN client connects. It is usually the IP address of an interface in the Untrusted zone on NGFW that acts as a VPN server. Format: server_address("1.2.3.4"). |
When rules are displayed, the last VPN error, the connection status, and the connection time are shown in addition to the specified conditions and properties.
Example of creating a VPN client rule:
Admin@nodename# create vpn client-rules 2 upl-rule OK \
...name("Test VPN client rule") \
...desc("Test VPN client rule description") \
...profile("Client VPN profile") \
...interface(tunnel3) \
...server_address("10.10.0.1") \
...enabled(true) \
To edit a VPN client rule, use the following command:
Admin@nodename# set vpn client-rules <position> upl-rule <parameters>
To remove a VPN client rule, use the following command:
Admin@nodename# delete vpn client-rules <position>
To view parameters for VPN client rules that were created, use the following command:
Admin@nodename# show vpn client-rules <position>