Block IPSec VPN Logins From Defined Host Addresses

Hello. We have a FW rule to block all/all/all traffic coming from specific IP addresses. It seems to work for HTTPS attempts etc. but IPSec login attempts are not blocked. How do we block Sophos Connect VPN login attempts from specific IP addresses?

  • Hello Ken,

    Thank you for contacting the Sophos Community.

    At the moment this isn’t possible, as the connection takes precedence over the Firewall Rules for VPN.

    What you can do is create a DNAT rule to a Blackhole (Fake IP) for the Public IPs you don't want to connect on Port 500.

    Original Source = The Public IP where the Sophos Connect Client is connecting from

    Original Destination = #Port number of your Public IP

    Original Service = I created one Service called Port_500, to just narrow down to the Port of Sophos Connect

    Translated Destination (DNAT) = Fake IP

    Inbound Interface = Port that matches the Original Destination 

    Regards,

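Added example, not from the thread or from Sophos: a small Python model of the DNAT rule the answer describes, so the match logic (which sources, which ports, which destination) can be checked against sample packets before it is typed into the firewall. The public IP, the blackhole address and the sample packets are constructed values, and the rule builder generalizes the answer's Port_500 service to cover UDP 4500 as well, since IKE moves to 4500 (NAT-T) when the client is behind NAT.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for this example (not from the thread):
#   FIREWALL_WAN - the firewall's public address that Sophos Connect clients dial
#   BLACKHOLE    - an unused address standing in for the "Fake IP" in the answer
FIREWALL_WAN = "198.51.100.1"
BLACKHOLE = "192.0.2.254"

# IKE is negotiated on UDP 500; once either side is behind NAT the exchange
# (and the ESP traffic) moves to UDP 4500, so a complete rule covers both.
IKE_PORTS = frozenset({500, 4500})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class DnatRule:
    """The fields of the DNAT rule described in the answer, as data."""
    original_sources: tuple        # hosts / CIDRs that must not reach the VPN
    original_destination: str      # the firewall's public IP
    original_service: frozenset    # UDP destination ports the rule covers
    translated_destination: str    # where matching packets are sent instead

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != "udp" or pkt.dport not in self.original_service:
            return False
        if pkt.dst != self.original_destination:
            return False
        src = ipaddress.ip_address(pkt.src)
        # strict=False lets a bare host string act as a /32 network
        return any(src in ipaddress.ip_network(n, strict=False)
                   for n in self.original_sources)


def deliver(rule: DnatRule, pkt: Packet) -> str:
    """Destination the packet ends up at. DNAT is applied before the VPN
    service and the firewall rules see the packet, which is why this works
    where the plain drop rule in the question did not."""
    return rule.translated_destination if rule.matches(pkt) else pkt.dst


def is_blackholed(rule: DnatRule, pkt: Packet) -> bool:
    return deliver(rule, pkt) == BLACKHOLE


def build_rule(blocked, ports=IKE_PORTS) -> DnatRule:
    return DnatRule(original_sources=tuple(blocked),
                    original_destination=FIREWALL_WAN,
                    original_service=frozenset(ports),
                    translated_destination=BLACKHOLE)


def audit(rule: DnatRule, packets) -> dict:
    """Map each (src, dport) to 'blackhole' or 'pass' for a batch of packets."""
    return {(p.src, p.dport): ("blackhole" if is_blackholed(rule, p) else "pass")
            for p in packets}


# Constructed sample traffic: a refused host, a refused /26, and an ordinary client.
BLOCKED = ("203.0.113.10", "203.0.113.64/26")
SAMPLE = [
    Packet("203.0.113.10", FIREWALL_WAN, "udp", 500),    # listed host, IKE
    Packet("203.0.113.10", FIREWALL_WAN, "udp", 4500),   # same host, NAT-T
    Packet("203.0.113.70", FIREWALL_WAN, "udp", 500),    # inside the listed /26
    Packet("203.0.113.200", FIREWALL_WAN, "udp", 500),   # not listed
    Packet("203.0.113.10", FIREWALL_WAN, "tcp", 443),    # HTTPS, left to the FW rules
]

if __name__ == "__main__":
    full = build_rule(BLOCKED)
    port500_only = build_rule(BLOCKED, ports={500})
    for key, verdict in audit(full, SAMPLE).items():
        print(key, verdict)
    # A service limited to port 500, as in the answer, lets NAT-T traffic through:
    print("4500 with port-500-only rule:",
          audit(port500_only, SAMPLE)[("203.0.113.10", 4500)])
```

Running it shows every listed source landing on the blackhole for both 500 and 4500 with the full rule, while the port-500-only variant reports `pass` for the 4500 packet; that second run is the check worth doing against the real rule, since a client behind NAT may never send to 500 at all.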