
Writing a Detailed Rule for VPN Tunneling Access Control Policies

IPv6 support for ACLs (a Layer 3 feature) can be configured in the same way as IPv4, in the following two ways:

Simple rules: The admin can configure IPv4/IPv6 addresses with allow/deny rules. These rules permit or deny access to an IPv4/IPv6 resource based on the IPv4/IPv6 address configured.

Detailed rules: The admin can configure IPv4/IPv6 addresses with allow/deny rules that have conditions. These rules permit or deny access to an IPv4/IPv6 resource based on the IPv4/IPv6 address configured when the condition matches.

Every entry in the ACL policy corresponds to two entries in the FORWARD chain in iptables/ip6tables: one in the inbound direction and the other in the outbound direction.

To create or edit a VPN Tunneling Access Control policy for IPv4/IPv6 resources with detailed rules:

  1. On the New Policy page for a resource policy, enter the required resource and role information.
  2. In the Action section, select Use Detailed Rules and then click Save Changes.
  3. On the Detailed Rules tab, click New Rule.
  4. On the Detailed Rule page:

    In the Action section, specify:

    • Allow Access: Permits access to an IPv4/IPv6 resource based on the IPv4/IPv6 address configured.
    • Deny Access: Denies access to an IPv4/IPv6 resource based on the IPv4/IPv6 address configured.

    In the IPv4 Resources section, specify the IPv4 resources, and in the IPv6 Resources section, specify the IPv6 resources.

    NOTE: The admin can configure IPv4 resources, IPv6 resources, or both.

    In the Conditions section, specify one or more expressions to evaluate in order to perform the action (optional):

    • Boolean expressions: Using system variables, write one or more boolean expressions using the NOT, OR, or AND operators.
    • Custom expressions: Using the custom expression syntax, write one or more custom expressions.

    When specifying a time condition, the specified time range cannot cross midnight. The workaround is to break the time range into two conditions.

  5. Click Save Changes.
  6. On the Detailed Rules tab, order the rules according to how you want the system to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a rule’s Resource list, it performs the specified action and stops processing rules (and other resource policies).
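
The first-match behavior described in the last step means a broad rule placed above a narrower one silently overrides it. The following is an added example, not Pulse Connect Secure code: it models rule order with plain CIDR resources (rule names, addresses, and the omission of conditions are assumptions) and flags rules that can never fire.

```python
import ipaddress

# Constructed sample rules in evaluation order: (name, action, resources).
# Resources are plain CIDR blocks and conditions are omitted (assumptions).
RULES = [
    ("allow-corp",   "allow", ["10.0.0.0/8", "2001:db8::/32"]),
    ("deny-finance", "deny",  ["10.20.30.0/24", "2001:db8:f1::/48"]),
    ("deny-lab",     "deny",  ["192.168.50.0/24"]),
]

def _nets(resources):
    return [ipaddress.ip_network(r) for r in resources]

def first_match(rules, destination):
    """Return (rule name, action) for the first rule whose resource list
    contains the destination; (None, None) when nothing matches."""
    addr = ipaddress.ip_address(destination)
    for name, action, resources in rules:
        if any(addr in net for net in _nets(resources)):
            return name, action
    return None, None

def shadowed_rules(rules):
    """Return names of rules whose every resource is already covered by
    resources of earlier rules, so evaluation stops before reaching them."""
    findings, earlier = [], []
    for name, _action, resources in rules:
        nets = _nets(resources)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = all(
            any(n.version == e.version and n.subnet_of(e) for e in earlier)
            for n in nets
        )
        if earlier and covered:
            findings.append(name)
        earlier.extend(nets)
    return findings

# Corrected order: the specific deny is evaluated before the broad allow.
FIXED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    print("as ordered:", first_match(RULES, "10.20.30.7"), shadowed_rules(RULES))
    print("reordered: ", first_match(FIXED, "10.20.30.7"), shadowed_rules(FIXED))
```

With the original order, the finance subnet is reachable despite its deny rule; after reordering, the deny applies and no rule is shadowed.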
