Is it possible to have two policies from the same zone to the same zone to only allow SSH access from the VPN range of addresses rather than from everywhere please?
I will try and explain the issue:
I have a "Customer-VR" which is connected to an aggregated interface "AE1". This in turn is connected to the internal network where the LNS resides and the Core.
I have a second VR, let's call it "ssh-vpn-VR". This has a physical interface of ge-0/0/8.
The ST interface, as the end point for data, is located within the "Customer-VR".
This all works perfectly at the moment but now I have the issue of allowing all traffic other than SSH through the Customer-VR but only SSH traffic from the VPN. So, can I craft two policies to complete this please?
If SSH access is working as you expect with one policy "application any", you can configure a more specific policy to restrict the access. Make sure you place the specific policy above the any-any policy.
Thanks, Suraj
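The ordering described in the reply, written out as an added Junos configuration sketch (not configuration from either poster). It goes one step further than the reply by adding an explicit SSH deny between the VPN permit and the any-any policy, since without it the any-any policy would still pass SSH from other sources. The zone name `customer`, the VPN range `192.0.2.0/24`, the existing any-any policy name `permit-all`, the new policy names and the test IPs are all assumptions.

```junos
# Assumed names and values: zone "customer", VPN range 192.0.2.0/24,
# existing any-any policy "permit-all". Replace with your own.

# Address-book entry for the VPN client range (global address book;
# if the device uses zone-attached address books, define it there instead).
set security address-book global address vpn-ssh-clients 192.0.2.0/24

# 1. Permit SSH only when the source is in the VPN range.
set security policies from-zone customer to-zone customer policy ssh-from-vpn match source-address vpn-ssh-clients
set security policies from-zone customer to-zone customer policy ssh-from-vpn match destination-address any
set security policies from-zone customer to-zone customer policy ssh-from-vpn match application junos-ssh
set security policies from-zone customer to-zone customer policy ssh-from-vpn then permit

# 2. Deny (and log) SSH from every other source in the zone.
set security policies from-zone customer to-zone customer policy ssh-deny-others match source-address any
set security policies from-zone customer to-zone customer policy ssh-deny-others match destination-address any
set security policies from-zone customer to-zone customer policy ssh-deny-others match application junos-ssh
set security policies from-zone customer to-zone customer policy ssh-deny-others then deny
set security policies from-zone customer to-zone customer policy ssh-deny-others then log session-init

# 3. New policies are appended after existing ones, so move both above
#    the any-any policy. Resulting order: ssh-from-vpn, ssh-deny-others, permit-all.
insert security policies from-zone customer to-zone customer policy ssh-from-vpn before policy permit-all
insert security policies from-zone customer to-zone customer policy ssh-deny-others before policy permit-all

# After commit, confirm the order and which policy a flow would hit
# (operational mode; the IPs below are constructed test values):
#   show security policies from-zone customer to-zone customer
#   show security match-policies from-zone customer to-zone customer source-ip 203.0.113.5 destination-ip 198.51.100.10 source-port 1024 destination-port 22 protocol tcp
```

These policies apply to transit traffic within the zone. SSH to the SRX itself is controlled separately, through `host-inbound-traffic` on the zone or interface and any firewall filter on `lo0`.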