BOVPN policy from "Tunnel Address" using "Any-BOVPN"
Hi all,
I just tried to set up an andvanced ingoing policy for our BOVPNs.
Assuming there are 3 active tunnels: office-a.tun, office-b.tun and office-c.tun
We also have a group of privileged users (group privileged-users) that should be allowed to access our local resources in a "trusted" network via those BOVPN tunnels.
So my approach was to setup a new policy (call it BOVPN.in.allow.4-privileged).
To: Any-Trusted (for testing purposes)
From: Tunnel-Address
- User/Group:
privileged-users - Tunnel:
Any-BOVPN
With this setup the policy is NOT applied to (e.g.) an authenticated user from office-a.tun. However, if I change the From member to:
Tunnel-Address with same User/Group but the specific Tunnel eg. office-a.tun, it's working fine.
This is not how I interprete the alias ANY-BOVPN and would require us to add a From member for each BOVPN (in face, there are a lot...)
Any thoughts on this?
Greetings, halliba