
Block internet connection through SSL VPN

Hello everyone,

I have a customer that uses an XG 115 Firewall in their office, and as they are planning to share a shared folder from their server with partners around Brazilian territory, they would like to use the SSL VPN connection to make it possible. They are planning to share an Excel sheet with some macros enabled and, unfortunately, this kind of sheet cannot be shared and used as they want on cloud services; we already tested it.

Well, as internet services in Brazil are not as good as they are in other countries, our concern is about the number of connections that will be made. They are planning to receive around 150 connections and, as they only have 200Mbps of internet link available, we would like to know if it is possible to block the internet connection from these VPN users during their connection?

As we know, all VPN connections use the internet connection from the XG 115 when they are connected, but thinking about reducing this usage and making only shared folders available during the connection, what do we need to do?

We would like to grant access to our servers on network 192.168.0.0/24, and VPN connections are being made on network 10.2.1.0/24.

Is it possible to do this?



This thread was automatically locked due to age.
  • Hello,

    Yes, this is possible. What you want is a split tunnel: with this option, all Internet-related traffic will go through the user's network, while at the same time the user will be able to access the servers on your network via the SSL VPN.

    While creating the Remote Access Policy for SSL VPN, you should disable the "Use as default gateway" option, and below it you should select the server network IP range.

    Example:

    Thanks!

  • Awesome Prism.

    Thank you for your assistance.

    May I ask only one more thing?

    For this customer, we configured the servers so that their IP addresses end in 10 to 19. Is there any way to limit the permitted network to the IP addresses between 192.168.0.10 and 192.168.0.19?

    Other IPs on this network are being used by printers, laptops, DVR devices, et cetera. Users don't need to have access to them through the SSL VPN.

    Thanks.

  • There are only two options: networks or single IPs. (You can't use network ranges.)

    If it's only one or two servers, you can create them separately in there.
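
Because the permitted list takes networks or single IPs but not ranges, the range 192.168.0.10 to 192.168.0.19 from the thread can be written as a few small networks. The following is an added example, not from the thread or from Sophos: it computes that cover and checks which LAN addresses a candidate permitted list would expose. It assumes the firewall accepts network objects with /31 and /30 masks; the function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # server LAN named in the thread
SERVERS = ("192.168.0.10", "192.168.0.19")     # server range named in the thread


def cidr_cover(first, last):
    """Smallest list of CIDR networks covering exactly first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def exposure(permitted, first, last, lan=LAN):
    """Compare a permitted-network list against the intended range.

    Returns (extra, missing): LAN addresses the VPN client would get a
    route to although they are outside the intended range, and intended
    addresses that no permitted network covers.
    """
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    extra, missing = [], []
    for addr in lan:  # every address in the LAN, .0 and .255 included
        reachable = any(addr in net for net in permitted)
        intended = lo <= int(addr) <= hi
        if reachable and not intended:
            extra.append(addr)
        elif intended and not reachable:
            missing.append(addr)
    return extra, missing


if __name__ == "__main__":
    exact = cidr_cover(*SERVERS)
    # Constructed candidates: the whole LAN, one coarse /27, the exact cover.
    candidates = {
        "whole LAN": [LAN],
        "single /27": [ipaddress.ip_network("192.168.0.0/27")],
        "exact cover": exact,
    }
    for name, nets in candidates.items():
        extra, missing = exposure(nets, *SERVERS)
        print(f"{name}: {[str(n) for n in nets]}")
        print(f"  non-server addresses exposed: {len(extra)}, "
              f"servers not covered: {len(missing)}")
```

The permitted-network list only decides which routes the client receives, so the VPN-to-LAN firewall rule should be limited to the same server objects.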
