This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect Restrict by IP Range

Hello,

We have a VPN primarily for an off-site location. Is there a way I can restrict this user to a specific IP or MAC to prevent the login from being used at any other location (remote user, brute force attack, etc). I see the MIC binding and login restriction under Auth > Users. This does not seem to take any affect when I apply it. I am a little confused in the user settings what fields apply to the SSL VPN and which to the Sophos Connect (IPSec) client.

Thanks,

Mike

This thread was automatically locked due to age.

0 LuCar Toni over 4 years ago

You want to allow Sophos Connect only from a specific IP? Because MAC is kinda hard to deal over the internet.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Orlando over 4 years ago in reply to LuCar Toni

Yes, a specific IP or IP range would be great.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Orlando over 4 years ago in reply to LuCar Toni

Also, I found what NOT to do. I set the VPN to United States and my remote connection was then blocked. I presume it is looking at the internal IP of the VPN connection and since not specific to any country, I was droppped.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to Mike Orlando

Actually kinda unusual usecase, to restrict VPN (Remote access) to a certain IP. But you could do this.

Do you have V18 or V17?

Use V17.5: https://support.sophos.com/support/s/article/KB-000036960?language=en_US

Or V18 with two different NAT Rules. One with your allowed IPs, which does nothing (for example Your IP, ANY, ANY, No Translation). And another rule with ANY - ANY - Ipsec - DNAT to a Blackhole Host.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mike Orlando over 4 years ago in reply to LuCar Toni

V18, thanks. I will look into that. Appreciated.
Cancel
Vote Up 0 Vote Down

Cancel