Hi,
I need to configure remote native VPN access using L2TP/IPsec for a customer. Is there any way to restrict this connection to only the customer's public IP address? How do I do this?
Hi,
Yes, you can create a local-in policy to allow the L2TP service from the customer's public IP. Please see Technical Note: Filter ingress traffic going to th... - Fortinet Community
Best regards,
Jin
Hi Team,
L2TP will use port 1701 and PPTP will use port 1723 for the connection.
You can create service objects for both ports and create two local-in policies in the firewall:
1. The first policy, on top, is to allow the traffic for the specific user machine.
2. The second policy is to block L2TP for the rest of the machines.
You can use this article for the reference:
https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/363127/local-in-policies
https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/245620/firewall-local-in-policy
Please test and keep us posted.
But if I go to the Local In Policy menu I already have two settings configured there, for UDP ports 500 and 4500 from any source. Does this mean any manually created local-in policy in the CLI will have higher privileges than those built-in ones?
@Tutek Initial traffic will go to 1723 or 1701; you configure the local-in policy manually in the CLI.
Your requirement to block the connection from all IPs and accept the connection from only one IP should be achieved.
UDP 500 is IPsec and 4500 is NAT-Traversal. Not sure if restricting these would be enough.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
But these are the first ports in IPsec communication, so blocking them is crucial.
My question is rather: if I manually configure a local-in policy with "set service IKE", will this setting have higher permissions than the settings (UDP 500, 4500) that are already there, because I have already configured other IPsec tunnels on the router?
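The two-policy approach described in the reply above, and the concern about existing IPsec tunnels in the last post, can both be served by one configuration. The following is an added example written for this thread, not configuration from Fortinet or from any poster. For L2TP/IPsec the first packets that reach the firewall are IKE on UDP 500 (and UDP 4500 when NAT traversal is in use), followed by ESP (IP protocol 50); the L2TP control channel on UDP 1701 only appears inside the tunnel, so an allow list that covers just port 1701 does nothing useful on its own. The interface name "wan1", the object names, and the addresses 203.0.113.10 and 198.51.100.0/24 (documentation ranges standing in for the customer and for the peers of the tunnels already on the box) are assumptions:

```fortios
# Added example, not from the original thread. Names, interface and
# addresses are assumptions; replace them with your own.

# 1. Address objects: the customer's public IP plus the peers of every
#    other IPsec tunnel that already terminates here. Any peer left out
#    of this group will be cut off by the deny policy further down.
config firewall address
    edit "customer-public-ip"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "other-ipsec-peers"
        set subnet 198.51.100.0 255.255.255.0
    next
end

config firewall addrgrp
    edit "vpn-allowed-sources"
        set member "customer-public-ip" "other-ipsec-peers"
    next
end

# 2. Services. "IKE" is the predefined FortiOS service for UDP 500/4500.
#    The two custom services cover ESP (IP protocol 50) and the L2TP
#    control port, so the whole L2TP/IPsec stack is matched explicitly.
config firewall service custom
    edit "ESP-proto50"
        set protocol IP
        set protocol-number 50
    next
    edit "L2TP-1701"
        set udp-portrange 1701
    next
end

# 3. Local-in policies are evaluated top down and the first match wins:
#    accept the listed services from the allowed sources, then deny the
#    same services from everyone else on the same interface.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "vpn-allowed-sources"
        set dstaddr "all"
        set service "IKE" "ESP-proto50" "L2TP-1701"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "IKE" "ESP-proto50" "L2TP-1701"
        set schedule "always"
        set action deny
    next
end
```

After applying it, confirm the behaviour rather than relying on the GUI listing: from the customer's address the tunnel should still come up, and from any other address an IKE attempt should produce no reply. `diagnose sniffer packet wan1 'udp port 500 or udp port 4500' 4` on the FortiGate shows whether the unwanted initiator's packets arrive and whether the firewall answers them. If any of the existing tunnels uses a dial-up peer without a fixed address, that peer cannot be listed in the allow group and this scheme will block it; in that case the deny policy has to be narrowed to the services or interface the dial-up peer does not use.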
Copyright 2024 Fortinet, Inc. All Rights Reserved.