For compliance reasons I need to be able to restrict what users or computers are able to traverse a site-to-site tunnel to our colo facility. From what I've read here and in the KB it isn't clear to me what options there are and how to implement them. Would any of you be able to provide a bit more clarity on that subject?
Here is the configuration:
Main (SRX340) is connecting to Colo (SRX300).
Users A, B, and C need to be able to connect to the Colo on 22, 80, and 443 (perhaps others), but users D, E, and F cannot be allowed to connect under any circumstances.
Any questions, thoughts or suggestions?
If you create the site-to-site as a route based VPN, then you can create all the specific security policies you need against the traffic that traverses the tunnel.
In step 1 & 2 you simply create more address objects and write as many security policies as needed to allow and block the required traffic.
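As an added illustration of the answer above (example configuration, not from the original post or from Juniper's KB), here is the policy side of a route-based VPN on the Main SRX340 for the scenario described: users A, B and C are allowed to reach the colo network on 22, 80 and 443, everyone else is explicitly denied and logged. The host addresses, the colo prefix, the zone names `trust` and `vpn`, and the tunnel interface `st0.0` are constructed assumptions; the IKE/IPsec tunnel definition itself is omitted apart from binding it to `st0.0`.

```junos
## Route-based VPN: the tunnel is a routable interface in its own zone,
## so normal zone-to-zone security policies control what crosses it.
set security ipsec vpn colo-vpn bind-interface st0.0
set security zones security-zone vpn interfaces st0.0
## Constructed colo prefix; the static route pushes it into the tunnel.
set routing-options static route 10.20.0.0/24 next-hop st0.0

## Address objects (constructed example addresses).
set security address-book global address colo-net 10.20.0.0/24
set security address-book global address user-a 10.10.1.11/32
set security address-book global address user-b 10.10.1.12/32
set security address-book global address user-c 10.10.1.13/32
set security address-book global address-set colo-allowed address user-a
set security address-book global address-set colo-allowed address user-b
set security address-book global address-set colo-allowed address user-c

## Policy 1: permit A, B, C to the colo on SSH, HTTP and HTTPS only.
## junos-ssh/junos-http/junos-https are Junos predefined applications;
## add further applications here if "perhaps others" turn out to be needed.
set security policies from-zone trust to-zone vpn policy allow-colo match source-address colo-allowed
set security policies from-zone trust to-zone vpn policy allow-colo match destination-address colo-net
set security policies from-zone trust to-zone vpn policy allow-colo match application junos-ssh
set security policies from-zone trust to-zone vpn policy allow-colo match application junos-http
set security policies from-zone trust to-zone vpn policy allow-colo match application junos-https
set security policies from-zone trust to-zone vpn policy allow-colo then permit
set security policies from-zone trust to-zone vpn policy allow-colo then log session-init
set security policies from-zone trust to-zone vpn policy allow-colo then log session-close

## Policy 2: explicit, logged deny for everyone else (D, E, F included).
## The SRX default policy already drops unmatched traffic, but an explicit
## deny with logging gives the audit trail compliance reviewers ask for.
## Policies are evaluated top-down, so this must sit after allow-colo.
set security policies from-zone trust to-zone vpn policy deny-colo match source-address any
set security policies from-zone trust to-zone vpn policy deny-colo match destination-address colo-net
set security policies from-zone trust to-zone vpn policy deny-colo match application any
set security policies from-zone trust to-zone vpn policy deny-colo then deny
set security policies from-zone trust to-zone vpn policy deny-colo then log session-init
```

After committing, `show security policies from-zone trust to-zone vpn` confirms the order, and `show security flow session destination-prefix 10.20.0.0/24` shows which sources actually hold sessions through the tunnel.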
Thanks for clearing that up. I'll dig into the KBs and go from there.