bfakhriddi
New Member
October 1, 2021
Question

Two or more policies for one connection: is it possible?


Hi, we have an SSL VPN users group connecting to the office remotely, so they are using a policy allowing from wan to lan. Is it possible to apply that group to another policy after they have passed the 1st policy on the same firewall? So 1st policy, then 2nd policy, like that.

1 reply

Toshi_Esumi
SuperUser
October 1, 2021

First, the SSL VPN's interface is ssl.root, which is not considered wan, because any hacker's attempt to break in wouldn't hit that particular interface. And you must have a policy ssl.root->lan.

Second, you can stack up multiple policies for ssl.root->lan. If traffic from SSL VPN users doesn't match the first policy, then it looks down to the next policy to see if it matches, and so on. This rule applies universally to all policies for any interface set.

bfakhriddi
New Member
October 4, 2021

My goal in this case is not to use the "if not this, then check/use this policy" logic, but the "if this policy passed, then use this policy" logic. Is it possible? Will it work this way if I have one policy after another? For example, an SSL VPN user connects and receives some internal subnet IP -> then a second policy for that subnet to send them to a specific interface/remote site?

Toshi_Esumi
SuperUser
October 4, 2021

Generally you configure in the portal settings which subnets are sent to the client for the split tunnel, although you can do it via a policy. Each policy is bound to the destination, and once it matches, it exits from the policy checking.
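
The top-down, first-match lookup described in the replies, as an added example that is not part of the thread and is not FortiOS code: a simplified Python model showing that a session is decided by exactly one policy and is never handed on to a second one. The interface `to-site-b`, the group names, subnets and the route table are hypothetical sample data; only `ssl.root` and `lan` come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    pid: int
    srcintf: str
    dstintf: str
    groups: frozenset   # user groups the policy applies to
    dstaddr: str        # destination subnet (CIDR)

# Constructed sample data; "to-site-b", the groups and the subnets are hypothetical.
ROUTES = [("10.0.1.0/24", "lan"), ("10.20.0.0/24", "to-site-b")]
POLICIES = [
    Policy(1, "ssl.root", "lan", frozenset({"vpn-admins"}), "10.0.1.0/24"),
    Policy(2, "ssl.root", "lan", frozenset({"vpn-users"}), "10.0.1.0/25"),
    Policy(3, "ssl.root", "to-site-b", frozenset({"vpn-users"}), "10.20.0.0/24"),
]

def egress_interface(dst_ip):
    """Longest-prefix route lookup; this model uses it to pick the destination interface."""
    hits = [(ip_network(n), i) for n, i in ROUTES if ip_address(dst_ip) in ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def first_match(group, dst_ip, srcintf="ssl.root"):
    """Return the id of the first matching policy, or 0 for the implicit deny."""
    dstintf = egress_interface(dst_ip)
    for p in POLICIES:  # evaluated top-down
        if (p.srcintf == srcintf and p.dstintf == dstintf
                and group in p.groups
                and ip_address(dst_ip) in ip_network(p.dstaddr)):
            return p.pid  # lookup ends here; later policies never see the session
    return 0

if __name__ == "__main__":
    for group, dst in [("vpn-users", "10.0.1.10"), ("vpn-users", "10.0.1.200"),
                       ("vpn-users", "10.20.0.5"), ("vpn-admins", "10.20.0.5")]:
        print(group, dst, "-> policy", first_match(group, dst))
```

In this model, reaching the remote site requires a policy of its own from `ssl.root` to the interface that routes there (policy 3); passing policy 2 towards `lan` grants nothing beyond policy 2's destination.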