
SSL VPN - w/o local access

Hi All,

UTM 9.414-2 Home License.

I use SSL VPN to provide secure access to the home network and external browsing.  Some of my kids are away from home now and I want to continue to provide the SSL tunnel for them but don't want them to have access to the local network (Who knows where those devices have been...;) 

The SSL Access Profile provides for allowed networks, but not denied networks.  

So the question is, how do I set up a profile to allow access to "the world" but not my local network?

Am I missing something stupid simple here?

Thanks in advance.



This thread was automatically locked due to age.
  • Just some thoughts in addition to the above.  I like to use UDP 1443 instead of TCP 443 for the SSL VPN.  Not only does it avoid conflicts with any other part of the UTM, but it makes for a noticeably faster tunnel.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    SSL VPN Profiles are additive.  If user "pedulla" is in one that has "Internal (Network)" in 'Allowed Networks' and a Profile with only 'Internet', he will have access to both.  If "pedullajr" is in only the second Profile, he will only have access to the Internet.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
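
The additive behaviour described in the reply above can be checked offline with a small model. This is an added example, not part of the original posts and not Sophos code: the profile names, the dictionary layout and the "grp:" group prefix are assumptions, not a UTM export format. It computes each user's effective networks as the union over every profile they belong to and reports which profile grants a restricted user the internal network.

```python
from collections import defaultdict

# Constructed model of the two profiles from the reply (names are hypothetical).
PROFILES = {
    "Home": {"members": {"pedulla"}, "allowed": {"Internal (Network)"}},
    "Internet-Only": {"members": {"pedulla", "pedullajr"}, "allowed": {"Internet"}},
}

def expand_members(members, groups):
    """Resolve 'grp:<name>' entries (assumed notation) into individual users."""
    users = set()
    for member in members:
        if member.startswith("grp:"):
            users |= groups.get(member[4:], set())
        else:
            users.add(member)
    return users

def effective_access(profiles, groups):
    """Map user -> network -> profiles granting it (profiles are additive)."""
    access = defaultdict(lambda: defaultdict(list))
    for name in sorted(profiles):
        profile = profiles[name]
        for user in expand_members(profile["members"], groups):
            for network in profile["allowed"]:
                access[user][network].append(name)
    return {user: dict(nets) for user, nets in access.items()}

def violations(profiles, groups, restricted, protected="Internal (Network)"):
    """List (user, granting profiles) for restricted users who reach `protected`."""
    access = effective_access(profiles, groups)
    return sorted(
        (user, access[user][protected])
        for user in restricted
        if protected in access.get(user, {})
    )

if __name__ == "__main__":
    # As configured in the reply: pedullajr only gets the Internet.
    print(effective_access(PROFILES, {}))
    print(violations(PROFILES, {}, {"pedullajr"}))
    # A later change adds a family group to "Home"; the union now includes
    # the internal network for pedullajr even though "Internet-Only" is unchanged.
    PROFILES["Home"]["members"].add("grp:family")
    print(violations(PROFILES, {"family": {"pedulla", "pedullajr"}}, {"pedullajr"}))
```

Because access is a union, a restricted user has to be checked against every profile and every group that lists them, not just the one profile intended for them.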