Using a zone with a policy as a concentrator
If you put all of the hub IPsec interfaces involved in the VPN into a zone, you can enable communication among all of the spokes and apply UTM features with just one security policy.
To create a zone for the VPN
1. Go to System > Network > Interfaces.
2. Select the down-arrow on the Create New button and select Zone.
3. In the Zone Name field, enter a name, such as Our_VPN_zone.
4. Select Block intra-zone traffic.
5. In the Interface Members list, select the IPsec interfaces that are part of your VPN.
6. Select OK.
To create a security policy for the zone
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter the following settings and select OK:
| Incoming Interface | Select the zone you created for your VPN. |
| Source Address | Select All. |
| Outgoing Interface | Select the zone you created for your VPN. |
| Destination Address | Select All. |
| Action | Select ACCEPT. |
| Enable NAT | Enable. |
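
The following check is an added example, not part of the original documentation. It reads a configuration backup in FortiOS CLI form and reports any zone that lacks either half of this setup: intra-zone traffic blocked, and an ACCEPT policy from the zone to itself. The sample configuration, the interface names and `Lab_zone` are constructed; the parser handles only flat config/edit/set blocks and assumes output such as `show full-configuration`, where `intrazone` is stated explicitly.

```python
import re

# Constructed sample in FortiOS CLI form; zone and interface names are assumptions.
SAMPLE = '''
config system zone
    edit "Our_VPN_zone"
        set intrazone deny
        set interface "toSpoke1" "toSpoke2"
    next
    edit "Lab_zone"
        set intrazone allow
    next
end
config firewall policy
    edit 1
        set srcintf "Our_VPN_zone"
        set dstintf "Our_VPN_zone"
        set action accept
    next
end
'''

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        # Split on whitespace but keep quoted names whole; a blank line yields [""].
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            section = cfg.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return cfg

def audit(text):
    """List zones that miss either half of the zone-as-concentrator setup."""
    cfg, findings = parse(text), []
    policies = cfg.get("firewall policy", {}).values()
    for name, zone in cfg.get("system zone", {}).items():
        if zone.get("intrazone") != ["deny"]:
            findings.append((name, "intrazone is not set to deny"))
        if not any(p.get("srcintf") == [name] and p.get("dstintf") == [name]
                   and p.get("action") == ["accept"] for p in policies):
            findings.append((name, "no zone-to-zone ACCEPT policy"))
    return findings
```

A zone that allows intra-zone traffic is the finding to act on first, because traffic between its members then never reaches the policy where UTM is applied.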