SunScreen 3.2 Administrator's Overview

Adding a VPN Rule

Assuming an address group named MailServers containing all the mail servers exchanging encrypted mail, define the rule in the Rule Definition dialog box shown in the figure below.

Figure 6-5 Completed Rule Definition Dialog Box for the VPN Rule


The VPN rule appears on the Packet Filtering tab of the Policy Rules page. Rules take effect in order, so the more restrictive a rule is, the earlier it should appear in the list. Here the more restrictive VPN rule comes before the more general rule and therefore takes effect first.

Figure 6-6 VPN Rule

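The ordering point above, as an added example (not SunScreen code or configuration): a small Python model that assumes the first matching rule decides what happens to a packet, and shows how a general rule placed ahead of the VPN rule leaves mail-server traffic unencrypted. The host names, the general rule and the action labels are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard field: matches every service or address

@dataclass(frozen=True)
class Rule:
    name: str
    service: Optional[frozenset]
    src: Optional[frozenset]
    dst: Optional[frozenset]
    action: str  # illustrative label only, not a SunScreen keyword

    def fields(self):
        return (self.service, self.src, self.dst)

def matches(rule, packet):
    """packet is a (service, src, dst) tuple of single values."""
    return all(f is ANY or v in f for f, v in zip(rule.fields(), packet))

def first_match(rules, packet):
    """Assumed semantics: the first rule in list order that matches wins."""
    return next((r for r in rules if matches(r, packet)), None)

def covers(outer, inner):
    """True if everything `inner` matches is also matched by `outer`."""
    return outer is ANY or (inner is not ANY and inner <= outer)

def shadowed(rules):
    """(later, earlier) name pairs where one earlier rule fully covers a later
    rule, so the later rule never takes effect. Shadowing by a combination of
    several earlier rules is not detected by this simple check."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(a, b) for a, b in zip(earlier.fields(), later.fields())):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample data: two members of the MailServers address group.
MAIL_SERVERS = frozenset({"mail-hq", "mail-branch"})
vpn_rule = Rule("vpn-mail", frozenset({"smtp"}), MAIL_SERVERS, MAIL_SERVERS, "ENCRYPT")
general_rule = Rule("allow-all", ANY, ANY, ANY, "ALLOW-PLAINTEXT")

GOOD_ORDER = [vpn_rule, general_rule]  # restrictive rule first, as the page advises
BAD_ORDER = [general_rule, vpn_rule]   # general rule first: VPN rule never applies
MAIL_PACKET = ("smtp", "mail-hq", "mail-branch")
```

Running `shadowed()` over an exported rule list before activating a policy is a quick check that no encryption rule has been made unreachable by reordering.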

There is no limit to the number of VPNs to which a Screen can belong. For example, you can define two VPNs, one for encryption at 1024 bits and one for encryption at 4096 bits. A single Screen can belong to both of those VPNs, with one entry specifying the 1024-bit certificate and the other specifying the 4096-bit certificate.