I’m curious to know at which end of a VPN tunnel most people apply restrictions.
My thoughts are that you should apply restrictions near the device you’re trying to protect. So I would allow all traffic from a branch office to a hub and restrict access to servers at the hub. I suppose the restrictions could be applied on the branch firewall only, or at both ends.
How do you implement firewall policies in your environment? Are you aware of a documented best practice?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
As you said I apply the protection near the protected device.
If I have servers on hub side I protect them on the hub firewall, instead of protecting the same servers on every branch firewall, while on branch firewalls I protect the clients.
Hi @Magnitude_8 ,
Most of the time security policies are required on VPN Tunnel traffic because it is considered safe traffic at most of the time but if you wish to have a security policy you can have them on any side of the tunnel but be aware that it might affect the throughput of the tunnel.
Regards
Rajan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.