4. Site-To-Site access by select few

Site-To-Site access by select few

  • A

    I have a network where a site-to-site is setup.  There is one central office and four branch locations.  I'd like to tighten down some rules.  I'd like to have a select few PCs in the central office be able to access branch locations.  Not every PC a central office needs branch office access.

    I have setup an alias with the IPs of the PCs that I want to have access.  In Firewall:Rules:OpenVPN do I simply change the "source" from * to the alias of the allowed PCs or is there something else I'm missing?  I guess the problem is that I'm not sure what direction this rule is based on.  Is the rule out-going or incoming?

    Is there a better way to achieve this then how I'm trying it now?

    thx.

    0
  • V

    A firewall rule handles the incoming traffic at the interface.
    So if you put this rule on the OpenVPN tab of the branch offices pfSense it would do its job.

    Alternatively you can put it a block rule on central office side, but on LAN interface, which block all traffic from other PCs to the branch office net:

    
    	 Proto 	Source 	                Port 	 Destination 	        Port 	Gateway 	Queue 	Schedule 	Description 	
block 	  *    !Allowed_PC_VPN_Access 	* 	 <branch office="" net="">* 	* 	* 	  	none         Block all others</branch>
    0
  • A

    Perfect.  Thanks for the great explanation.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy