Login Restriction - Not working

Jossy,

can you share what you have configured?

Is the user able to access the web interface?

Thanks

Hi Luk

Yes, I am able to access the web interface of the XG125 while connected with the VPN user.

I don't want all the VPN users to access the web interface of the XG125.

I am trying to upload a .jpg file of the screen shot. However, I keep getting the error while uploading the file.

Also, I noticed that if I am connected as a PPTP VPN user, I am unable to connect to the Internet from my existing network. However, it works perfectly using SSLVPN. Do I need to enable any special settings to enable that from PPTP VPN Connection?

Regards

Jossy

Jossy,

check the https web admin configuration under Administration > Device Access.

For the PPTP user, make sure to create proper firewall rule to allow traffic from PPTP network to WAN. Also on the client side make sure to check (route all traffic using this gateway). The other option is to uncheck this checkbox so PPTP users can use their internet gateway to surf on internet.

See this article:

http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html

Luk

Under my Administration --> Device Access the https web admin option is enabled over VPN. 

My question was : using the PPTP VPN I would like to restrict the user access to different objects. Though I entered the allowed Node as only one computer over the PPTP VPN, since under my Administration --> Device Access the https is enabled for VPN, it will allow the https web interface to go through as well. Am I right?

Regarding the Internet access over the PPTP VPN, I referred to your suggested article's "Split Tunnel VPN Setup for Mobile VPN with PPTP" option for Windows 7. It worked out for me.

Appreciate your assistance.

Regards

Jossy

Jossy,

you can disable HTTPS for VPN zone and use ACL inside the same menu in order to allow more restricted HTTPS access.

Well done for the PPTP.

Luk

I went to the Zones session under my XG125. I see that except the LOCAL & VPN every other zones have been enabled. The VPN & LOCAL have been greyed out and am unable to edit the settings.

I am using the built in Admin account. Why is it like that? 

Regards

Jossy

Jossy,

I am not sure if you can deny access using LOCAL Service ACL inside the device access page.

See the doc on how to use ACL. Try and let us know. I am not able to test because I am out of the office.

http://docs.sophos.com/nsg/sophos-firewall/v16012/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FLocalServiceACLEdit.html%23

Regards

Jossy,

I am not sure if you can deny access using LOCAL Service ACL inside the device access page.

See the doc on how to use ACL. Try and let us know. I am not able to test because I am out of the office.

http://docs.sophos.com/nsg/sophos-firewall/v16012/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FLocalServiceACLEdit.html%23

Regards