Granular firewall rules
Firewall rules are configured to provide granular remote access for each group of users. They are configured as follows:
config firewall policy
    edit 9
        set name "SSL_VPN-Administrators"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "EMS" "FAZ" "Webserver" "FAC"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Administrators"
        set comments " "
    next
    edit 10
        set name "SSL_VPN-Finance"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver" "Finance"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Finance"
        set comments " "
    next
    edit 11
        set name "SSL_VPN-Sales"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Sales"
        set comments " "
    next
end
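
To review the result, the following added example (not part of the original page and not a Fortinet tool) parses a "config firewall policy" block and derives which destinations each user group can reach, plus which policies allow every service. The sample config is constructed from the three policies above, trimmed to the fields the audit reads; the function names are assumptions of this example.

```python
import shlex

# Constructed sample: the page's three policies, reduced to the fields used below.
CONFIG = '''
config firewall policy
    edit 9
        set dstaddr "EMS" "FAZ" "Webserver" "FAC"
        set service "ALL"
        set groups "LDAP-Administrators"
    next
    edit 10
        set dstaddr "Webserver" "Finance"
        set service "ALL"
        set groups "LDAP-Finance"
    next
    edit 11
        set dstaddr "Webserver"
        set service "ALL"
        set groups "LDAP-Sales"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {field: [values]}} for each 'edit N ... next' entry."""
    policies, current = {}, None
    for tok in map(shlex.split, text.splitlines()):  # shlex keeps quoted values whole
        if not tok:
            continue
        if tok[0] == "edit":
            current = policies.setdefault(int(tok[1]), {})
        elif tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]  # multi-value fields become a list
        elif tok[0] == "next":
            current = None
    return policies

def access_matrix(policies):
    """Map each user group to the set of destination objects its policies allow."""
    matrix = {}
    for p in policies.values():
        for g in p.get("groups", ["<no group>"]):  # surface policies with no group bound
            matrix.setdefault(g, set()).update(p.get("dstaddr", []))
    return matrix

def any_service(policies):
    """Return ids of policies whose service list is ALL (scoped by address only)."""
    return sorted(i for i, p in policies.items() if "ALL" in p.get("service", []))
```

Calling access_matrix(parse_policies(CONFIG)) shows that Webserver is the only destination shared by all three groups, and any_service() lists all three policies, since the granularity here comes from dstaddr and groups rather than from the service field.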