This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall reply only

Hi all,

we have several Tunnels on our UTM running (at the Moment) with automatic policy.
Now we want to restrict the Access between the tunnels and the HQ.

The HQ should be allowed to Access all tunnels with full Access.
However the tunnels must not Access the HQ, but the tunnels should be allowed to send reply-packets to the HQ. (e.g. ping from HQ to Tunnel -> reply; ping from tunnel to HQ -> denied).

Is this possible?

Regards,
Johannes

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

Hi, Johannes, and welcome to the User BB!

Yes, since the UTM is a stateful firewall, just deselect 'Automatic Firewall Rules' in the IPsec Connection for each branch and make a rule like '{HQ LANs} -> Any -> {LANs in all branches} : Allow'.

Note that "Any" does not include pings, and that those settings are regulated on the 'ICMP' tab of 'Firewall'. If the endpoints at the branches were UTMs, you would need a firewall rule there like '{HQ LANs} -> Ping -> {Branch LANs} : Allow'.

Is that what you were looking for?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel