A more secure LAN-to-LAN VPN solution
To establish a more secure LAN-to-LAN VPN connection, traffic policies should be
created instead of allowing all traffic between the two private networks. The following steps
show how to allow some common services through the VPN tunnel. In this example
we have a mail server, an FTP server and a web server (intranet) in the main office that we want to
access from the branch office.
Settings for Branch office
1. Set up policies for the new tunnel, Firewall->Policy:
Click Global policy parameters
Disable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
Click Apply
2. It is now possible to create policies for the VPN interfaces. Select from LAN to
toMainOffice and click Show.
3. Click Add new to create the first rule