Configuring The Remote Site - Stormshield SN series Configuration Manual

In the case presented, a client workstation located on the local network of the remote site must
be able to connect in HTTP to the intranet server located on the local network of the main site
(rule no. 1). You can also temporarily add, for example, ICMP to test the setup of the tunnel more
easily (rule no. 2).
The filter rule will look like this:
The advanced features on IPS-Firewalls (use of proxies, security inspection profiles, etc)
can of course be implemented in these filter rules.

Configuring the remote site

The aim of this chapter is to reproduce on the remote site a configuration symmetrical with the
one created on the main IPS-Firewall.
Creating network objects
The objects are the same as those defined on the main IPS-Firewall. Please refer to chapter
Configuring the main site, under
Creating IPSec tunnels
Please refer to chapter Configuring the main site, under
remote site, the fields to be entered in the wizard will have the following values:
Local network: Private_Net_Remote_Site,
l
Remote network: Private_Net_Main_Site,
l
Remote gateway: Pub_Main_FW,
l
Pre-shared key: the same password as the one entered on the main IPS-Firewall.
l
Creating filter rules
In the menu Configuration > Security policy > Filtering and NAT, select your filter policy. In the
Filtering tab, click on the menu New rule > Standard rule.
In the case presented, a client workstation located on the local network of the remote site must
be able to connect in HTTP to the intranet server located on the local network of the main site
(rule no. 1). You can also temporarily add, for example, ICMP to test the setup of the tunnel more
easily (rule no. 2).
The filter rule will look like this:
Page 400/448
NOTE
Creating network
SNS - USER CONFIGURATION MANUAL V.3
HOW TO: IPSEC VPN - AUTHENTICATION BY PRE-SHARED KEY
objects.
Creating the IPSec tunnel
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
. For the