2.2.13.4. IPsec Policy
2.2.13.4.1. Default Value : IPsec Policy
2.2.13.4.2. Setting Items : IPsec Policy
Items | Values | Descriptions |
---|---|---|
ID | (Auto-Assign) | The ID is assigned automatically when the policy is created. NOTE: You cannot edit the ID. |
Move rule | Any of [ No Move ], [ Move before ] or [ Move after ] | When you select either [ Move before ] or [ Move after ], you are asked to enter [ move_index ].<br>[ No Move ]: Adds the policy under the existing policies.<br>[ Move before ]: Inserts the policy above the ID specified at [ move_index ].<br>[ Move after ]: Inserts the policy below the ID specified at [ move_index ].<br>Note:<br>· IPsec policies are evaluated in order from the top, and the first policy that matches is applied. Pay attention to the order, because the policies below the matching one are not evaluated.<br>· The ID is assigned in policy creation order, not in alphabetical order.<br>· Even if you specify the order in [ Move before ] or [ Move after ], the added policy is displayed at the bottom until you apply the setting in [ Apply configuration ]. After [ Apply configuration ], the policies are arranged in the specified order for each interface combination.<br>· You can change the order of policies with [ Move before ] or [ Move after ]. See "IPsec Policy Change(Update/Move/Copy/Edit/Delete)". |
Enable | Either [ □ ] (checkbox unmarked) or [ ✔ ] (checkbox marked) | When the [ Enable ] checkbox is marked on the Object screen of a Firewall Policy, the relevant policy is valid. |
Incoming Interface | Port[4-10] or Tunnel[1-15] | Select the incoming interface as the communication direction for this policy. |
Source Address | (either [ Address Object ] or [ Address Group ]) | Select the source IP address to which this Firewall Policy applies. |
Outgoing Interface | Port[4-10] or Tunnel[1-15] | Select the outgoing interface as the communication direction for this policy. |
Destination Address Type | (either [ Address Object ] or [ NAT Object ]) | Select the destination type to which this policy applies.<br>[ Address Object ]: Selects one address from among the addresses assigned to the Port specified at the Outgoing Interface.<br>[ NAT Object ]: Selects one NAT Object from among the Destination NAT Objects for which the Port specified at the Incoming Interface is also registered as an External Interface. |
Service | (either [ Service Object ] or [ Service Group ]) | Select the service to which this Firewall Policy applies. |
Action | [ ACCEPT ] or [ DENY ] | Select the action that this policy applies.<br>[ ACCEPT ]: Accepts the traffic.<br>[ DENY ]: Rejects the traffic. |
NAT | Either [ □ ] (checkbox unmarked) or [ ✔ ] (checkbox marked) | When this is marked, you can specify a Source NAT. |
Log | Specify either [ All ] or [ Disable ] | Select how logging is handled for traffic to which this Firewall Policy is applied.<br>[ ALL ]: The traffic log is active (valid).<br>[ Disable ]: The traffic log is inactive. |
Comment | (Half-width alphabetic characters & half-width numbers) | Enter a comment as necessary, within 225 words. Two-byte characters such as Japanese cannot be used. |
Items | Values | Descriptions |
---|---|---|
NAPT Object | ( Source NAT Object ) | If you select [ Use NAPT Object ] as the NAT mode, you need to select a Source NAT Object. |
Note
In IPsec VPN, the [ Use Outgoing Interface Address ] NAT mode is disabled.
For IPsec VPN, use the object created with: doc: 4300_object. The target objects are as follows.
2.2.13.4.3. IPsec Policy Add
Note
Pay attention to the order of IPsec Policies: they are evaluated one by one in ascending order, and the first IPsec Policy that matches is applied immediately. NOTE: The ID is assigned in policy creation order, not in alphabetical order.
Even if you specify the sort order in [Move before] or [Move after], the added policy will be displayed at the bottom until you apply the setting in [Apply configuration]. After [Apply configuration], the policies are arranged in the specified order for each interface combination.
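The first-match ordering and the [Move before] placement described above, as an added example that is not part of the original manual or the product's own code. It is a simplified, hypothetical model (CIDR strings stand in for address objects; interfaces and services are omitted) showing that a narrow DENY added under a broad ACCEPT is never reached, and how to check a policy table for such shadowed entries.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:                      # hypothetical model of one policy row
    id: int                        # assigned in creation order
    src: str                       # CIDR standing in for the Source Address object
    dst: str                       # CIDR standing in for the Destination Address object
    action: str                    # "ACCEPT" or "DENY"
    enabled: bool = True

def add_policy(table, policy, move="No Move", move_index=None):
    """Place a policy as the Move rule describes (order after Apply configuration)."""
    if move == "No Move":
        table.append(policy)       # goes under the existing policies
        return table
    pos = next(i for i, p in enumerate(table) if p.id == move_index)
    table.insert(pos if move == "Move before" else pos + 1, policy)
    return table

def evaluate(table, src, dst):
    """Top-down, first match applies; nothing below the match is evaluated."""
    for p in table:
        if (p.enabled and ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)):
            return p
    return None                    # no policy matched

def shadowed(table):
    """(hidden_id, hiding_id) pairs: a policy fully covered by an enabled one above it."""
    pairs = []
    for i, low in enumerate(table):
        for high in table[:i]:
            if (high.enabled and low.enabled
                    and ip_network(low.src).subnet_of(ip_network(high.src))
                    and ip_network(low.dst).subnet_of(ip_network(high.dst))):
                pairs.append((low.id, high.id))
                break
    return pairs

def demo():  # constructed sample policies for one interface combination
    broad = Policy(1, "10.0.0.0/8", "192.168.10.0/24", "ACCEPT")
    narrow = Policy(2, "10.1.2.0/24", "192.168.10.0/24", "DENY")
    bottom = add_policy([broad], narrow)                     # [No Move]
    above = add_policy([broad], narrow, "Move before", 1)    # move_index = 1
    flow = ("10.1.2.5", "192.168.10.7")
    return {"bottom": (evaluate(bottom, *flow).action, shadowed(bottom)),
            "above": (evaluate(above, *flow).action, shadowed(above)),
            "above_ids": [p.id for p in above]}
```

Calling `demo()` shows the same flow accepted when the DENY sits at the bottom and denied when it is moved above ID 1, with the evaluation order no longer following the ID order.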
2.2.13.4.4. IPsec policy change (Edit / Move / Duplicate / Remove)
Buttons | Descriptions |
---|---|
Edit | Modifies the settings of the selected IPsec Policy. |
Move Up | Moves the selected IPsec Policy up one line. |
Move Down | Moves the selected IPsec Policy down one line. |
Duplicate | When you duplicate the selected IPsec Policy, the IPsec Policy setting screen opens with the same setting values as the duplicated one.<br>This is useful for defining another IPsec Policy with the same values. |
Remove | Removes the selected IPsec Policy. |
Note
Pay attention to the order of IPsec Policies: they are evaluated one by one in ascending order, and the first IPsec Policy that matches is applied immediately. NOTE: The ID is assigned in policy creation order, not in alphabetical order.
The policy you added appears at the bottom until you apply the settings in [Apply configuration]. After [Apply configuration], the policies are arranged in the specified order for each interface combination.