freber
New Member
September 11, 2021
Solved

Block internal IP from VPN


Hi all!

We have a working SSL VPN that lets outside users access our internal LAN. But I want to restrict access to specific local addresses. I.e., I don't want any VPN users to access 192.168.0.20.

How do I block a specific local IP?

    Best answer by Toshi_Esumi
    SuperUser
    September 11, 2021

    You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.

    Yurisk
    SuperUser
    September 12, 2021

    That's the beauty of Interface/Route-based VPNs - you treat your VPN users as located somewhere on the Internet and connected to your LANs via the ssl.root interface; as a consequence, you allow/block this traffic in security policy as you do with any traffic passing the firewall from interface to interface.

    freber
    Author
    New Member
    September 12, 2021

    I have a deny policy now which has destination .20, and when it's not in effect the users can reach everything, and when it is applied they can't connect at all.
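
A simplified model of the top-down, first-match policy lookup that the replies above rely on, added here as an example (it is not code from the thread or from the firewall vendor); the interface name `internal`, the policy names and the host list are assumptions. It goes slightly beyond the thread by also checking a deny whose destination object is wider than the single host, so the result of each ordering can be compared before a change is applied.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    srcintf: str
    dstintf: str
    dst: str      # destination address object in CIDR form
    action: str   # "accept" or "deny"

def evaluate(policies, srcintf, dstintf, dst_ip):
    """Return (action, policy name) of the first matching policy, top-down.

    Simplification: only interfaces and destination are matched; source,
    service, schedule and user groups are left out of this model.
    """
    ip = ipaddress.ip_address(dst_ip)
    for p in policies:
        if (p.srcintf == srcintf and p.dstintf == dstintf
                and ip in ipaddress.ip_network(p.dst)):
            return p.action, p.name
    return "deny", "implicit-deny"   # nothing matched

def reachable(policies, hosts):
    """Hosts a VPN user can reach over ssl.root -> internal."""
    return [h for h in hosts
            if evaluate(policies, "ssl.root", "internal", h)[0] == "accept"]

# Constructed policy objects; "internal" and the policy names are assumptions.
ALLOW_ALL = Policy("vpn-allow-all", "ssl.root", "internal", "0.0.0.0/0", "accept")
DENY_HOST = Policy("vpn-deny-20", "ssl.root", "internal", "192.168.0.20/32", "deny")
DENY_WIDE = Policy("vpn-deny-wide", "ssl.root", "internal", "192.168.0.0/24", "deny")

HOSTS = ["192.168.0.10", "192.168.0.20", "192.168.0.30"]  # constructed sample

if __name__ == "__main__":
    for label, table in [
        ("deny above allow", [DENY_HOST, ALLOW_ALL]),
        ("deny below allow", [ALLOW_ALL, DENY_HOST]),
        ("deny object too broad", [DENY_WIDE, ALLOW_ALL]),
    ]:
        print(f"{label:22} reachable: {reachable(table, HOSTS)}")
```
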