
Sophos XG site-to-site IPSEC VPN - block only devices from site B from reaching site A

Hey Guys,

So, I have created a site-to-site VPN between a Sophos XG and a 2nd network which has an NBN modem. Link is up, stable and I can reach devices both ways. I really only want site A (the XG side) to be able to reach devices on site B and only one device (which has a static IP) on site B to be able to access site A. I'm using the "automatic VPN rule" created when I configured the IPSEC VPN.

If I want to block all devices on site B except for one device with a static IP from accessing devices on site A, could I just remove the site A LAN subnet from the "destinations & services" section in the rule on the XG and add just that single IP to the rule, or will that cause issues?

Is there a better way I should be doing this?

Kind regards

Aaron



  • Hi Aaron Berger,

    If you want your LAN users at Site B to stop accessing the Site A network, at Site B please modify the LAN to VPN firewall rule and specify the IP hosts you want to allow to reach Site A from Site B, or, if you want to block it completely, you can select the drop action in the LAN to VPN firewall rule at Site B.

  • Hey Keyur,


    Thank you for your reply. Site B has a standard NBN modem which does not support firewall rules.

    So, from the XG site A side, how can I block all LAN IPs from site B except for one IP?
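As an added illustration (not from the thread or from Sophos), the snippet below models first-match, zone-based rule evaluation as it applies to the setup described above: one rule letting site A initiate to site B, one VPN-to-LAN rule accepting only the single site B host, and a drop rule for the rest of the site B subnet, all enforced on the site A firewall so nothing at site B needs to support rules. The subnets, the allowed host address and the rule names are assumed placeholders; the evaluator is general, so any source/destination pair can be checked against it.

```python
# Added example: a minimal first-match model of zone-based firewall rules.
# Subnets, the allowed host and the rule names are assumed placeholders.
import ipaddress
from typing import List, NamedTuple, Tuple

SITE_A_LAN = ipaddress.ip_network("192.168.10.0/24")          # assumed site A LAN
SITE_B_LAN = ipaddress.ip_network("192.168.20.0/24")          # assumed site B LAN
SITE_B_ALLOWED_HOST = ipaddress.ip_network("192.168.20.50/32")  # assumed static IP


class Rule(NamedTuple):
    name: str
    src_zone: str
    dst_zone: str
    src: List[ipaddress.IPv4Network]
    dst: List[ipaddress.IPv4Network]
    action: str  # "accept" or "drop"


def build_rules() -> List[Rule]:
    """Rules as they would be ordered on the site A (XG-side) firewall."""
    return [
        # Site A may initiate connections to anything at site B; a stateful
        # firewall lets the replies back without a separate inbound rule.
        Rule("LAN_to_VPN_siteA_out", "LAN", "VPN", [SITE_A_LAN], [SITE_B_LAN], "accept"),
        # Only the single site B host may initiate connections into site A.
        Rule("VPN_to_LAN_single_host", "VPN", "LAN", [SITE_B_ALLOWED_HOST], [SITE_A_LAN], "accept"),
        # Every other site B source towards site A is explicitly dropped.
        Rule("VPN_to_LAN_drop_rest", "VPN", "LAN", [SITE_B_LAN], [SITE_A_LAN], "drop"),
    ]


def evaluate(rules: List[Rule], src_zone: str, dst_zone: str,
             src_ip: str, dst_ip: str) -> Tuple[str, str]:
    """Return (rule name, action) for the first matching rule, else an implicit drop."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.src_zone, r.dst_zone) != (src_zone, dst_zone):
            continue
        if any(src in n for n in r.src) and any(dst in n for n in r.dst):
            return r.name, r.action
    return "implicit_default", "drop"


if __name__ == "__main__":
    rules = build_rules()
    print(evaluate(rules, "VPN", "LAN", "192.168.20.50", "192.168.10.10"))  # allowed host
    print(evaluate(rules, "VPN", "LAN", "192.168.20.77", "192.168.10.10"))  # other site B host
```

Note that the restriction is on the source of VPN-to-LAN traffic; the site A LAN stays as the destination, and a final explicit drop makes the intent visible in the logs rather than relying on the implicit default.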
