VPN connections with no policy filters

 

If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic policy filter.

A policy filter rule defines which addresses, protocols, and ports can use a VPN and directs the appropriate traffic through the connection. In some cases, you may want to configure a connection that does not require a policy filter rule. For example, you may have non-VPN packet rules loaded on the interface that your VPN connection will use, so rather than deactivating the active rules on that interface, you decide to configure the VPN so that your system manages all filters dynamically for the connection. The policy filter for this type of connection is referred to as a dynamic policy filter. Before you can use a dynamic policy filter for your VPN connection, all of the following must be true:

If your connection meets this criteria, then you can configure the connection so that it does not require a policy filter. When the connection starts, traffic between the data endpoints will flow across the it regardless of what other packet rules are loaded on your system.

For step-by-step instructions on how to configure a connection so that is does not require a policy filter, use the online help for VPN.

 

Parent topic:

VPN and IP filtering