Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 8332 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent access to SSL VPN

AngeloLelieveld
Hi,

Is it possible to restrict SSL VPN Access to specific public IP address? I want to prevent that everyone can setup a SSL VPN to our network.


This thread was automatically locked due to age.
  • 0
     I want to prevent that everyone can setup a SSL VPN to our network.
    Everyone can't because they don't have the certificate and they don't have your users credentials.  Might work to untick automatic firewall rules, then create manual ones.
  • 0 in reply to Scott_Klassen
    Yes, I know. But I would also want to restrict the SSL VPN Traffic to specific locations (IP's).
  • 0
    Hi Alelieveld, I agree with Scott that there's already good limitation.  You might want to look at two-factor authentication using OTP (One-Time Passwords).  However, there is a way to do what you want...

    Refer to #2 in Rulz.  Create the two following NAT rules, in order:
      No NAT : {Allowed IPs} -> {SSL VPN service} -> External (Address)
    • DNAT : Internet -> {SSL VPN service} -> External (Address) : to {non existent IP}

    Today, my preferred {SSL VPN service} for the SSL VPN is UDP 443.  In any case, you don't want to use the preceding technique with UDP or TCP 443.  In this case, you might want to use 1394 (OpenVPN) or 1443.  Again with preference for UDP because it make the VPN faster.

    Cheers - Bob