Netgate Discussion Forum
    Firewall Rules across IPSec S2S Tunnel into Segmented Network?

    Firewalling
    2 Posts 2 Posters 171 Views
      TheWaterbug
      last edited by TheWaterbug

      I am in the midst of (finally) segmenting my WFH and office networks. I have PCs and Things at both sites.

      I want the PCs at each site to be able to manage the Things at the same site, but I don't want the Things to be able to talk to the PCs unless the PCs initiate the traffic.

      Curiously, if I add a P2 to allow Things at Main to talk to Things at Home, now PCs at Main can talk to Things at Home.

      [attached image: 7dd97fba-de63-40c8-b5fc-7cae1d0e6d24-image.png]

      How should I set up the firewall rules to control traffic? Do I enter the rules at the IPSec tab or at the Home:LAN60 tab or the Main:LAN0 tab?

      Thanks!

        viragomann @TheWaterbug
        last edited by

        @TheWaterbug said in Firewall Rules across IPSec S2S Tunnel into Segmented Network?:

        Curiously, if I add a P2 to allow Things at Main to talk to Things at Home, now PCs at Main can talk to Things at Home.

        That's not curious, it's just by the design of the pfSense default rules. On IPSec there is a rule to allow any to any. If you don't want this, modify the rule and restrict access to fit your needs.

        Basic Firewall Configuration Example

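As an added illustration (not from this thread and not pfSense's own generated ruleset), the restriction viragomann describes, written as a pf ruleset for the IPsec interface of the Home firewall: it replaces the default any-to-any IPsec rule so that PCs at Main can initiate sessions to Things at Home, the Things-to-Things P2 still works, but Things cannot initiate toward PCs. The subnets are constructed and the interface name enc0 is an assumption.

```pf
# Added example: replacement for the default "allow any to any" IPsec rule
# on the Home pfSense. Not from the thread. Assumptions: the IPsec interface
# is enc0; all subnets below are constructed documentation ranges.
table <main_pcs>     { 192.0.2.0/25 }        # PCs at Main (assumed)
table <main_things>  { 192.0.2.128/25 }      # Things at Main (assumed)
table <home_pcs>     { 198.51.100.0/25 }     # PCs at Home (assumed)
table <home_things>  { 198.51.100.128/25 }   # Things at Home (assumed)

# pf is stateful: a session a PC opens to a Thing creates a state entry,
# so the Thing's replies pass without any rule allowing Things -> PCs.
# "quick" gives first-match semantics, like the pfSense rule list.
pass in quick on enc0 proto { tcp udp icmp } from <main_pcs> to <home_things> keep state

# The Things-to-Things P2 from the question, limited to the Things subnets only.
pass in quick on enc0 proto { tcp udp icmp } from <main_things> to <home_things> keep state

# Everything else arriving from the tunnel, including Things at Main or
# PCs at Main trying to reach PCs at Home, is dropped and logged.
block in log quick on enc0 all
```

The Main firewall needs the mirror-image ruleset on its own IPsec interface (home_pcs to main_things, home_things to main_things, block the rest), since each side only filters traffic arriving from the tunnel.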
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.