Hi all!
We have a working SSL VPN that lets outside users access our internal LAN. But I want to restrict access to specific local addresse. Ie I dont want any VPN users to access 192.168.0.20.
How do I block a specific local IP?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.
You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.
That's the beauty of Interface/Route-based VPNs - you treat your VPN users as located somewhere on the Internet and connected to your LANs via ssl.root interface, as the consequence, you allow/block this traffic in security policy as you do with any traffic passing the firewall from interface to interface.
I have a deny policy now which has destination .20 and when its not in effect the users can reach everything and when it is applied they cant connect at all.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.