Is there a way of blocking countries from trying to access my VPN?
Thanks
Rob,
you can use country blocking when you create the network rule to allow VPN users from the internet. It should work!
Have a look at the guide or this thread to configure SSL VPN: https://community.sophos.com/products/xg-firewall/f/vpn/10975/ssl-vpn-policy
Hey Luk & Rob,
Unfortunately that would not work as the SSL VPN listener to allow the initial connection occurs before the firewall, like an auto created rule that you cannot configure.
If you're just looking at blocking access to your SSL VPN from illegitimate sources then the security set-up of OpenVPN should be sturdy enough. It requires a dual factor (triple if you enable OTP in v16) wherein you need the valid client certificate and the username+pass that applies to that certificate.
To appropriately block access to your SSL VPN via countries, you need to do this through the ACL rules in Device access (Cog > Administration > Device Access). You can do this either via allowing SSL VPN on the WAN then restricting it using an ACL to block countries or denying WAN and using an ACL to allow countries.
Hope that helps!
Emile
Either disable the WAN check box and create an Allow ACL for only those networks you want access, or enable the WAN check box and create a Block ACL for those networks you don't want access (e.g. APTxx known sources).
Better to disable with an Allow ACL.