Even though the VPN-WAN rule is disabled, SSL-VPN Remote Access users are still able to connect to SSL-VPN

Hi,

Even though the VPN-WAN rule is disabled, SSL-VPN Remote Access users are still able to connect to SSL-VPN. Yes, there are 2 more rules: SSL-VPN S2S LAN-VPN and VPN to LAN.

But the SSL-VPN Remote Access VPN-WAN rule is disabled, and users are still able to connect to SSL-VPN.

Kindly advise!

Manish



  • What do you mean by this statement? Are you having problems with users connecting, or with users using SSLVPN for internet connections?

    __________________________________________________________________________________________________________________

  • No! I do not have any problem, but I could not understand how SSL-VPN Remote Access users can connect if the firewall rule for SSL-VPN Remote Access --- VPN to WAN is disabled.

    But yes, there are 2 more rules: SSL-VPN S2S LAN-VPN and VPN to LAN.

    Is it that, instead of throwing an error, the SSL-VPN Remote Access packets are passing to the above-mentioned firewall rules? If so, as per my knowledge, it is incorrect.

    Please advise!

  • Firewall rules have no effect on this. SSLVPN and other services are purely controlled by Device Access.

    __________________________________________________________________________________________________________________

  • Then why, in one of the Sophos techvids-like videos explaining SSL-VPN, do they suggest creating a firewall rule w.r.t. full tunnel, which I have already created?

    Also, what does "SSLVPN and other services are purely controlled by Device Access" mean?

    You mean to say in Sophos - under Administration - Device Access? If yes, then what should I look for?

  • SSLVPN is a service which builds a tunnel. After the tunnel is established, a connection will flow through SFOS. This connection traffic needs a firewall rule (VPN to LAN, VPN to WAN etc.).

    But to build up a tunnel, you need to have SSLVPN in Device Access enabled/disabled. 

    __________________________________________________________________________________________________________________

  • That is exactly my question.

    If the VPN-WAN rule required for SSL-VPN is disabled, how come users are able to connect? Please advise.

  • The firewall does not reflect anything about SSLVPN. The tunnel is allowed/denied in Device Access.

    After the tunnel is established, the connection through the firewall is allowed/denied via a firewall rule.

    __________________________________________________________________________________________________________________

  • I got it!

    But as you mentioned:

    "After the tunnel is established, the connection through the firewall is allowed/denied via a firewall rule."

    Then why, in my case, even if the firewall rule is denied/disabled, are users still able to connect?

  • The SSLVPN connection is not controlled by the firewall rules.

    You can connect an SSLVPN client via Device Access, but deny all connections by the client to anything. But the tunnel is still connected.

    __________________________________________________________________________________________________________________

  • OK!

    As per techvids, if SSL-VPN is configured as Full Tunnel, then it is mandatory to create a firewall rule, but not in the case of Split Tunnel.

    I think that the above statement contradicts your statement:

    "The SSLVPN connection is not controlled by the firewall rules.

    You can connect an SSLVPN client via Device Access, but deny all connections by the client to anything. But the tunnel is still connected."

    Or I am not able to understand ...
