WatchGuard - BOVPN policy from "Tunnel Address" using "Any-BOVPN"

I just tried to set up an advanced ingoing policy for our BOVPNs. Assuming there are 3 active tunnels: office-a.tun, office-b.tun and office-c.tun.

We also have a group of privileged users (group privileged-users) that should be allowed to access our local resources in a "trusted" network via those BOVPN tunnels.

So my approach was to set up a new policy (call it BOVPN.in.allow.4-privileged). To: Any-Trusted (for testing purposes). From: Tunnel-Address

  • User/Group: privileged-users
  • Tunnel: Any-BOVPN

With this setup the policy is NOT applied to (e.g.) an authenticated user from office-a.tun. However, if I change the From member to: Tunnel-Address with the same User/Group but the specific Tunnel, e.g. office-a.tun, it's working fine. This is not how I interpret the alias Any-BOVPN and would require us to add a From member for each BOVPN (in fact, there are a lot...)

Any thoughts on this?

Greetings, halliba
