Hello,
I am running Sophos UTM Home 9.501-5, and have a simple external/internal interface setup with my external IP being a valid public IPv4 address.
I have created an SSL VPN profile with the "auto-firewall off" setting. My goal was to only allow remote SSL VPN access from two specific IPv4 Internet subnets. In my firewall ruleset I only have an explicit deny any source/service rule for all incoming traffic to my external interface, and no other rules. At this stage I have not created a specific rule to allow the remote VPN connectivity from the two specific Internet subnets.
Upon testing the SSL VPN connectivity at this point I was surprised to find that it establishes correctly, apparently without a relevant firewall rule. Furthermore, the firewall log does not show any traffic coming from the source IP of my host on the Internet for this VPN connection (yes, the 'log traffic' option is enabled on my deny any/any firewall rule).
My question here is how and why is this VPN connection establishing? My deny any/any rule should be dropping the incoming VPN connection attempt, as it correctly does for all the other incoming traffic.
The answer may be that the order of operations in a packet flow through the UTM processes VPN traffic before evaluating firewall rules (this defies logic... my logic, anyway), but if this is the case then I would ask:
1) What is the purpose of the "auto firewall on/off" setting when creating an SSL VPN profile?
2) How do I allow only specific subnets to connect to the VPN and deny all others?
If anyone is able to shed some light here it would be greatly appreciated.
Thanks
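The following is an added example, not part of the original post and not Sophos code. It is a toy first-match packet filter that models the hypothesis raised in the post: an implicit accept for a service the gateway itself listens on is evaluated before the user ruleset, so a logged deny-any rule neither drops nor logs the VPN packet, and an allowlist for two subnets only restricts the VPN if it is evaluated before that implicit accept. The external address 203.0.113.10, the listening port 443, the two allowed subnets and all rule names are constructed assumptions; nothing here asserts how UTM actually orders its processing.

```python
"""Toy first-match packet filter for reasoning about rule order.

Models the hypothesis in the post above (not Sophos UTM's real packet path):
an implicit accept for the gateway's own listening service is evaluated before
the user ruleset. All addresses, ports and rule names are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "accept" or "drop"
    sources: Tuple[str, ...] = ("0.0.0.0/0",)    # permitted source networks (CIDR)
    dst: Optional[str] = None                    # None = any destination address
    dports: Tuple[int, ...] = ()                 # () = any destination port
    log: bool = False                            # emit a log line on match


def matches(rule: Rule, pkt: Packet) -> bool:
    src = ipaddress.ip_address(pkt.src)
    if not any(src in ipaddress.ip_network(n) for n in rule.sources):
        return False
    if rule.dst is not None and pkt.dst != rule.dst:
        return False
    if rule.dports and pkt.dport not in rule.dports:
        return False
    return True


def evaluate(pkt: Packet, chain: List[Rule], log: List[str]) -> Tuple[str, str]:
    """First matching rule wins; returns (action, rule name) and appends a log
    line only if the matching rule has logging enabled."""
    for rule in chain:
        if matches(rule, pkt):
            if rule.log:
                log.append(f"{rule.name} {rule.action} {pkt.src} -> {pkt.dst}:{pkt.dport}")
            return rule.action, rule.name
    return "drop", "implicit-default"


# Constructed values (assumptions, not taken from the post).
UTM_EXTERNAL = "203.0.113.10"
SSLVPN_PORT = 443
ALLOWED_SUBNETS = ("198.51.100.0/24", "192.0.2.0/24")

# Hypothesised implicit rule: the gateway accepts traffic to its own enabled
# service and never logs it.
IMPLICIT_SERVICE_ACCEPT = Rule("implicit-sslvpn-service", "accept",
                               dst=UTM_EXTERNAL, dports=(SSLVPN_PORT,))

# The poster's ruleset: a single explicit, logged deny-any for inbound traffic.
DENY_ANY = Rule("deny-any-inbound", "drop", log=True)

# The ruleset the poster wants: two subnets may reach the VPN port, all else denied.
ALLOW_VPN_SUBNETS = Rule("allow-sslvpn-from-subnets", "accept",
                         sources=ALLOWED_SUBNETS, dst=UTM_EXTERNAL, dports=(SSLVPN_PORT,))


def build_chain(user_rules: List[Rule], implicit_first: bool) -> List[Rule]:
    """Place the hypothesised implicit accept before or after the user rules."""
    if implicit_first:
        return [IMPLICIT_SERVICE_ACCEPT] + user_rules
    return user_rules + [IMPLICIT_SERVICE_ACCEPT]


def run(pkt: Packet, user_rules: List[Rule], implicit_first: bool):
    """Evaluate one packet; returns (action, matched rule name, log lines)."""
    log: List[str] = []
    action, rule = evaluate(pkt, build_chain(user_rules, implicit_first), log)
    return action, rule, log


if __name__ == "__main__":
    vpn_from_elsewhere = Packet("203.0.113.77", UTM_EXTERNAL, SSLVPN_PORT)
    vpn_from_allowed = Packet("198.51.100.5", UTM_EXTERNAL, SSLVPN_PORT)
    ssh_probe = Packet("203.0.113.77", UTM_EXTERNAL, 22)
    # The observation in the post: deny-any neither drops nor logs the VPN
    # packet, yet it drops and logs other inbound traffic.
    print(run(vpn_from_elsewhere, [DENY_ANY], implicit_first=True))
    print(run(ssh_probe, [DENY_ANY], implicit_first=True))
    # An allowlist in the user ruleset only restricts the VPN if the user
    # ruleset is consulted before the implicit accept.
    print(run(vpn_from_elsewhere, [ALLOW_VPN_SUBNETS, DENY_ANY], implicit_first=True))
    print(run(vpn_from_elsewhere, [ALLOW_VPN_SUBNETS, DENY_ANY], implicit_first=False))
    print(run(vpn_from_allowed, [ALLOW_VPN_SUBNETS, DENY_ANY], implicit_first=False))
```

Running the script reproduces the symptom described in the post under the implicit-first ordering (the VPN packet is accepted by the unlogged implicit rule, so the deny rule's log stays empty for it) and shows that the two-subnet allowlist is only effective when evaluated ahead of the implicit accept; in that model the answer to question 2 is a restriction applied at the service itself rather than a rule in the ordinary ruleset.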