BOVPN policy from "Tunnel Address" using "Any-BOVPN"

I just tried to set up an advanced ingoing policy for our BOVPNs.
Assuming there are 3 active tunnels: office-a.tun, office-b.tun and office-c.tun

We also have a group of privileged users (group privileged-users) that should be allowed to access our local resources in a "trusted" network via those BOVPN tunnels.

So my approach was to set up a new policy (call it BOVPN.in.allow.4-privileged).
To: Any-Trusted (for testing purposes)
From: Tunnel-Address

  • User/Group: privileged-users
  • Tunnel: Any-BOVPN

With this setup the policy is NOT applied to (e.g.) an authenticated user from office-a.tun. However, if I change the From member to:
Tunnel-Address with the same User/Group but the specific Tunnel, e.g. office-a.tun, it's working fine.
This is not how I interpret the alias ANY-BOVPN and would require us to add a From member for each BOVPN (in fact, there are a lot...)

