Block internal IP from VPN
Hi all!
We have a working SSL VPN that lets outside users access our internal LAN. But I want to restrict access to specific local addresses. I.e., I don't want any VPN users to access 192.168.0.20.
How do I block a specific local IP?
You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.
That's the beauty of interface/route-based VPNs - you treat your VPN users as located somewhere on the Internet and connected to your LANs via the ssl.root interface. As a consequence, you allow/block this traffic in the security policy as you do with any traffic passing the firewall from interface to interface.
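The ordering advice in the replies above, modelled as an added example (not code from any poster or from the firewall vendor): policies are checked top-down and the first match decides, so the deny for 192.168.0.20 only takes effect when it sits above the allow-all policy. The interface name `internal`, the policy names and the test address 192.168.0.21 are assumptions, and real policies also match on source address, service, schedule and user group, which this model leaves out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str      # hypothetical policy name
    srcintf: str   # e.g. "ssl.root" for SSL VPN users
    dstintf: str   # "internal" is an assumed interface name
    dstaddr: str   # destination as CIDR
    action: str    # "accept" or "deny"

def evaluate(policies, srcintf, dstintf, dst_ip):
    """Return (action, policy name) of the first matching policy, top-down.
    Traffic that matches nothing falls through to an implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for p in policies:
        if (p.srcintf == srcintf and p.dstintf == dstintf
                and dst in ipaddress.ip_network(p.dstaddr)):
            return p.action, p.name
    return "deny", "implicit-deny"

def shadowed(policies):
    """Names of policies that can never match because an earlier policy on
    the same interface pair already covers their whole destination."""
    hidden = []
    for i, p in enumerate(policies):
        net = ipaddress.ip_network(p.dstaddr)
        for q in policies[:i]:
            same_pair = (q.srcintf, q.dstintf) == (p.srcintf, p.dstintf)
            if same_pair and net.subnet_of(ipaddress.ip_network(q.dstaddr)):
                hidden.append(p.name)
                break
    return hidden

# Constructed sample policies for the scenario in this thread.
ALLOW_ALL = Policy("vpn-allow-all", "ssl.root", "internal", "0.0.0.0/0", "accept")
BLOCK_20 = Policy("vpn-block-20", "ssl.root", "internal", "192.168.0.20/32", "deny")

CORRECT = [BLOCK_20, ALLOW_ALL]      # deny placed above the allow-all
WRONG_ORDER = [ALLOW_ALL, BLOCK_20]  # deny is never reached

if __name__ == "__main__":
    for label, table in (("correct", CORRECT), ("wrong order", WRONG_ORDER)):
        for ip in ("192.168.0.20", "192.168.0.21"):
            print(label, ip, evaluate(table, "ssl.root", "internal", ip))
        print(label, "shadowed:", shadowed(table))
```

`shadowed()` is a quick audit for the mistake of adding the deny below the existing allow-all, where it would silently never match.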
I have a deny policy now which has destination .20, and when it's not in effect the users can reach everything, and when it is applied they can't connect at all.
