Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2834 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN & Spoof protection

Mokaz
Hi all,

Doing some VPN testings and i've found somthing odd out.

While mounting a VPN with all traffic routed through the tunnel (DNS included) and the UTM firewall configured with 
Firewall --> Advanced --> Spoof protection:	Strict
 then every DNS queries from any SSL VPN client (road warriors) are dropped by the firewall stating "Spoofed packet".

Also, is there any paper or document available onto the connectivity cascade with the UTM? by this i mean something like what happend if you have web filtering rules for some subnet/hosts ON but no NAT on that subnet and no specific firewall rules for that subnet either.. Well im trying to figure out how the divers possible rule sets are traversed indeed.

Thanks,
regards,
m.


This thread was automatically locked due to age.
Parents
  • 0
    I didn't follow your last post, but you definitely DON'T want to have any VPN Pool overlap with any other subnet known to the UTM.  The OpenVPN server doesn't do DHCP per se, but it does hand out IP addresses, routes, etc.

    Cheers - Bob
    PS Then again, maybe this is the known MiTM OpenSSL vulnerability.  9.113 was soft-released to address this.  I think 9.203 addresses the same issue for folks on 9.2.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I didn't follow your last post, but you definitely DON'T want to have any VPN Pool overlap with any other subnet known to the UTM.  The OpenVPN server doesn't do DHCP per se, but it does hand out IP addresses, routes, etc.

    Cheers - Bob
    PS Then again, maybe this is the known MiTM OpenSSL vulnerability.  9.113 was soft-released to address this.  I think 9.203 addresses the same issue for folks on 9.2.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML