An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies.
Which option must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A . Web type ACL
B . Port forwarding
C . Tunnel group lock
D . VPN filter ACL