IPSec VPN restrict user access to LAN resources

Hi, I have set up an IPSec VPN so that users can VPN into the XG and access the internet and some internal resources.

I would like to only allow certain users to be able to see one of my servers, is this possible?



This thread was automatically locked due to age.
  • Hi : Yes, with the help of firewall rules it is possible. You may set up one rule to allow traffic that covers that user and that server IP, and create another rule positioned directly below this allow rule to drop the rest of the user traffic from VPN to that server IP, with rule action Drop.

    Reference snapshot from local XG for rule configuration (screenshots not reproduced here).

    Allow rule for the test user to have access to the DMZ server: [screenshot]

    Drop rule for other users from VPN to DMZ for the same DMZ server: [screenshot]

    Rule view from the "Firewall rules" page: [screenshot]

    Please change zone, user and IP in the above settings as per your requirement.

  • Thank you Vishal, do I need the second rule if I only allow the connection to specified users/groups in the first rule?

  • Hi : The firewall rules match the traffic in top to bottom order. If no other matching rule is found for the other users after configuring the allow rule for the specific user, then the drop rule is not needed; but if the traffic matches some other rule in the top to bottom order, then it will be allowed via that rule, and in that case you may need to create a drop rule as described above.
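The first-match behaviour described in the two answers above (a user-specific allow rule, an explicit drop rule directly beneath it, and the leak that occurs when the drop rule is omitted and a broader allow rule sits further down) can be checked with a small simulation. The following is an added example, not code from the thread or from Sophos: it models the top-to-bottom evaluation in plain Python, with constructed zone names, the user name "testuser", the server address 10.1.1.10 and the DMZ subnet 10.1.1.0/24 as assumptions, and an implicit default drop when nothing matches (also an assumption of this model).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Tuple

# Constructed model of first-match (top-to-bottom) firewall evaluation.
# It is an illustration of the ordering argument made in the thread,
# not an implementation of the Sophos XG rule engine.


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_net: str                         # CIDR, e.g. "10.1.1.10/32"
    action: str                          # "ACCEPT" or "DROP"
    users: Optional[FrozenSet[str]] = None  # None = no user condition (any user)

    def matches(self, pkt: dict) -> bool:
        if pkt["src_zone"] != self.src_zone or pkt["dst_zone"] != self.dst_zone:
            return False
        if ipaddress.ip_address(pkt["dst_ip"]) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.users is not None and pkt["user"] not in self.users:
            return False
        return True


def packet(user: str, dst_ip: str, src_zone: str = "VPN", dst_zone: str = "DMZ") -> dict:
    """Constructed sample flow: an authenticated VPN user reaching for a DMZ host."""
    return {"user": user, "src_zone": src_zone, "dst_zone": dst_zone, "dst_ip": dst_ip}


def build_rules(with_drop_rule: bool) -> List[Rule]:
    """Rule base in evaluation order. The broad VPN->DMZ allow at the bottom
    stands in for any pre-existing rule that lets VPN users reach the DMZ."""
    rules = [
        Rule("allow-testuser-dmz-server", "VPN", "DMZ", "10.1.1.10/32", "ACCEPT",
             users=frozenset({"testuser"})),
    ]
    if with_drop_rule:
        # The explicit drop recommended in the answer: same destination, any user,
        # placed directly below the user-specific allow.
        rules.append(Rule("drop-vpn-dmz-server", "VPN", "DMZ", "10.1.1.10/32", "DROP"))
    rules.append(Rule("allow-vpn-dmz-any", "VPN", "DMZ", "10.1.1.0/24", "ACCEPT"))
    return rules


def evaluate(rules: List[Rule], pkt: dict) -> Tuple[str, Optional[str]]:
    """Return (action, rule name) of the first matching rule; ("DROP", None)
    models an implicit default drop when no rule matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "DROP", None


if __name__ == "__main__":
    flows = [packet("testuser", "10.1.1.10"),
             packet("otheruser", "10.1.1.10"),
             packet("otheruser", "10.1.1.20")]
    for with_drop in (True, False):
        print(f"--- drop rule present: {with_drop}")
        for f in flows:
            action, name = evaluate(build_rules(with_drop), f)
            print(f"{f['user']:>10} -> {f['dst_ip']:<10} {action:<7} via {name}")
```

Running it shows that with the drop rule in place the other users are stopped at "drop-vpn-dmz-server" while they still reach the rest of the DMZ; remove the drop rule and the same users fall through to the broad allow and reach the protected server, which is exactly the case the second answer warns about. The check to carry over to a real XG rule base is therefore: after the user-specific allow, walk the remaining rules in order and confirm that nothing below would still match VPN traffic to that server; if something does, add the explicit drop directly beneath the allow.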
