Restrict VPN Client to allow only Specific Traffic and block all
-
I am looking for a solution to block all traffic except SSH to one specific system.
I have assigned one of my VPN users a static IP [through Client Specific Override].
I need to restrict this user from accessing any of my network except one server through SSH.
Basically:
Deny all
Allow SSH only to one IP
Regards
Sreyas
-
Above your rule that allows all the VPN users full access, create two rules:
1. Allow the static IP you're giving him access to the server for SSH.
2. Block the static IP you're giving him access to any.
If he tries to connect elsewhere or to the server using any other protocol he'll be blocked.
Rules are read from the top down so your logic is a bit off.
Once he's on the server via ssh he can ssh, telnet, etc … anywhere, you'll need to restrict what he can do there too imo.
-
I tried this for my LAN users but failed; maybe I did it wrong. The purpose was to block RDC 3389.
1. I created an alias for some of our users with their IPs.
2. I created a rule on the LAN interface with Allow All for this alias as source.
3. Just below, I added Deny Port range MS RDP 3389 for those users.
Is this the same way I need to configure it for VPN?
On which interface do I configure for OpenVPN users [LAN / WAN / OVPN]?
I am a bit confused.
Regards
Sreyas
-
Post a screenshot of your rules. The rules go on the interface where the traffic enters the firewall.
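
The rule ordering discussed in this thread, as an added example that is not from any poster or from the firewall's own code: a small first-match evaluator that runs the suggested VPN rule order and the LAN rule order as posted. It assumes "read from the top down" means the first matching rule decides; all addresses and names are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses; none of these come from the thread.
VPN_NET, VPN_USER = "10.8.0.0/24", "10.8.0.50"   # VPN_USER = the static client IP
SSH_SERVER, OTHER_HOST = "192.168.1.10", "192.168.1.20"
LAN_USER = "192.168.1.77"                        # a member of the LAN alias

def in_net(ip, net):
    """True if ip falls inside net; a bare address is treated as a /32."""
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(rules, src, dst, proto, port):
    """Walk the rules top down; the first match decides. No match means block."""
    for action, r_src, r_dst, r_proto, r_port in rules:
        if (in_net(src, r_src) and in_net(dst, r_dst)
                and r_proto in ("any", proto) and r_port in ("any", port)):
            return action
    return "block"

# Order suggested in the reply: the two specific rules sit above the allow-all.
VPN_RULES = [
    ("pass",  VPN_USER, SSH_SERVER, "tcp", 22),
    ("block", VPN_USER, "any",      "any", "any"),
    ("pass",  VPN_NET,  "any",      "any", "any"),
]

# LAN attempt as posted: allow-all first, so the RDP block below is never reached.
LAN_AS_POSTED = [
    ("pass",  LAN_USER, "any", "any", "any"),
    ("block", LAN_USER, "any", "tcp", 3389),
]
# Same two rules with the specific block moved above the allow-all.
LAN_REORDERED = list(reversed(LAN_AS_POSTED))

if __name__ == "__main__":
    checks = [
        ("VPN user -> server ssh", VPN_RULES, (VPN_USER, SSH_SERVER, "tcp", 22)),
        ("VPN user -> server rdp", VPN_RULES, (VPN_USER, SSH_SERVER, "tcp", 3389)),
        ("VPN user -> other ssh", VPN_RULES, (VPN_USER, OTHER_HOST, "tcp", 22)),
        ("LAN as posted, rdp", LAN_AS_POSTED, (LAN_USER, OTHER_HOST, "tcp", 3389)),
        ("LAN reordered, rdp", LAN_REORDERED, (LAN_USER, OTHER_HOST, "tcp", 3389)),
    ]
    for label, rules, pkt in checks:
        print(f"{label}: {evaluate(rules, *pkt)}")
```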