I didn't see anything on the boards about how to accomplish this. I want to restrict access to PPTP to a "known good" management group of IPs. This wouldn't be a typical scenario as it requires PPTP connections be made from a known-good network.
I built an allow-good-ips on the firewall to allow PPTP through from my sites, and a corresponding block-bad-ips to block PPTP from all other sites. Allow was set before deny. I turned only the deny rule on, yet the PPTP server still accepted requests.
Recently had a similar issue with getting the Web Application Firewall running for IP restriction. Workaround there was to run it through NAT first. Built the same allow and block rules in NAT, sent the block one to a blackhole, works.