I'm a bit of a noob running the home-based UTM, and, having read 'the rulz', I've been trying to grapple with firewall vs web protection.
I thought I had my head around it, but can not get a particular set to work.
I have a machine on my network which uses OpenVPN over both HTTPS (TCP) and the standard OpenVPN port 1194 (UDP). I also wanted to restrict access from this machine to certain IP destinations.
My solution was...
Under 'web protection' I created a 'web filter profile' giving access to this one machine under 'allowed networks' and created a 'policy' to go with this.
The policy blocked everything under the 'categories' section, and I put my allowed IP list in the 'websites' tab under 'allow these websites', and blocked all 'http://' sites with a regular expression of " ^http://* " in 'block these websites'.
so far so good.
In the 'filtering options', 'misc' tab, I tried to drag the OpenVPN service across to the 'allowed target services' window, but it wouldn't let me.
I believe this is because the OpenVPN service uses UDP as the transport layer. I created a new service 'myopenvpn' using TCP/UDP for port 1194 and dragged that to the 'allowed target services' window. Success.
For log purposes, I created a firewall rule dropping everything from this one machine going to the internet.
Results in testing were mixed.
Everything worked well with OpenVPN over HTTPS. However, it would appear that when using port 1194, it does not go through the web filter (not in the logs) and as a result gets blocked by the firewall rule (in the log as blocked, as expected).
Is this because the web filter does not process UDP packets, and only TCP ones, or have I missed something?
Thanks
Mike
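Added example (editor's code, not part of Mike's post or of the Sophos UTM product): the block rule above uses the pattern `^http://*`, where the trailing `*` is a quantifier on the preceding `/` rather than a wildcard, so the pattern is really "`^http:/` followed by zero or more `/`". The script below checks that pattern against a constructed list of URLs alongside the explicit `^http://` and shows where the two differ. It assumes the UTM's website regex engine treats `*` the same way Python's `re` module does (a standard quantifier); the URLs are made up for the test.

```python
import re

# Constructed sample URLs (not taken from the original post).
SAMPLE_URLS = [
    "http://example.com/",
    "http://203.0.113.10:8080/",
    "https://example.com/",   # HTTPS: must stay allowed for OpenVPN over 443
    "http:/one-slash",        # malformed: only matched because '*' allows zero '/'
    "http:no-slash",
    "ftp://example.com/",
]

# Candidate block patterns. 'as posted' is the one from the post;
# 'explicit' is what a practitioner usually means by "block all http://".
PATTERNS = {
    "as posted": r"^http://*",
    "explicit": r"^http://",
}


def is_blocked(pattern: str, url: str) -> bool:
    """Return True if `url` would be caught by the block-list regex `pattern`."""
    return re.search(pattern, url) is not None


def blocked_urls(pattern: str, urls=SAMPLE_URLS) -> list:
    """All sample URLs the pattern blocks, in input order."""
    return [u for u in urls if is_blocked(pattern, u)]


def pattern_diff(p1: str, p2: str, urls=SAMPLE_URLS) -> list:
    """URLs on which the two patterns disagree (blocked by one, not the other)."""
    return [u for u in urls if is_blocked(p1, u) != is_blocked(p2, u)]


if __name__ == "__main__":
    for name, pat in PATTERNS.items():
        print(f"{name:10s} {pat!r:14s} blocks: {blocked_urls(pat)}")
    print("disagree on:", pattern_diff(PATTERNS["as posted"], PATTERNS["explicit"]))
```

Both patterns leave `https://` URLs alone, which is why the HTTPS OpenVPN session in the post was not affected; the only difference is that `^http://*` also catches the malformed `http:/one-slash`, so for a plain "block all http://" intent the explicit `^http://` is the less surprising choice.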