Site to site protection


Is it possible to apply a firewall over a site-to-site VPN?
For protection, I need to allow only a few ports and block all others.

Also, is it possible to configure the S2S VPN as one-sided only (people from my LAN can reach a server on the other side, but the other side can't reach my LAN)?



  • Yep. Simply create a network definition for each site (you may have this already) that contains the subnets of each site.

    Then create the firewall rules as desired, e.g. SITE A > ANY > SITE B (to allow all traffic from SITE A to B), and SITE B > http > SITE A to allow http from SITE B to SITE A.
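
To check a rule set like the one in the answer before applying it, the sketch below models rules in the same SOURCE > SERVICE > DESTINATION notation and tests which new connections they admit. It is an added example, not part of the original thread and not any vendor's configuration syntax. The subnets, service names and helper functions are constructed, and it assumes a stateful firewall that drops anything no rule allows, so replies to permitted connections pass but the far side cannot open connections of its own.

```python
import ipaddress

# Constructed network definitions (assumed subnets, not from the thread).
NETWORKS = {
    "SITE A": [ipaddress.ip_network("10.1.0.0/16")],
    "SITE B": [ipaddress.ip_network("10.2.0.0/16")],
}
# Constructed service definitions: name -> set of (protocol, destination port).
SERVICES = {"http": {("tcp", 80)}, "https": {("tcp", 443)}, "ssh": {("tcp", 22)}}


def parse_rule(text):
    """Parse 'SOURCE > SERVICE > DESTINATION' as written in the answer."""
    src, svc, dst = (part.strip() for part in text.split(">"))
    if src not in NETWORKS or dst not in NETWORKS:
        raise ValueError(f"unknown network definition in rule: {text!r}")
    if svc.upper() != "ANY" and svc not in SERVICES:
        raise ValueError(f"unknown service definition in rule: {text!r}")
    return src, svc, dst


def in_definition(addr, name):
    """True if addr falls inside any subnet of the named network definition."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NETWORKS[name])


def allowed(rules, src_ip, dst_ip, proto, port):
    """True if a NEW connection matches an allow rule; direction matters."""
    for src, svc, dst in rules:
        if not (in_definition(src_ip, src) and in_definition(dst_ip, dst)):
            continue
        if svc.upper() == "ANY" or (proto, port) in SERVICES[svc]:
            return True
    return False  # assumed default: no matching rule means the packet is dropped


# Asker's goal: a few ports from SITE A to SITE B, nothing initiated by SITE B.
ONE_WAY = [parse_rule(r) for r in ("SITE A > https > SITE B", "SITE A > ssh > SITE B")]
# The answer's example: A to B fully open, B to A limited to http.
ANSWER_EXAMPLE = [parse_rule(r) for r in ("SITE A > ANY > SITE B", "SITE B > http > SITE A")]

if __name__ == "__main__":
    print(allowed(ONE_WAY, "10.1.5.20", "10.2.0.10", "tcp", 443))  # A -> B https
    print(allowed(ONE_WAY, "10.2.0.10", "10.1.5.20", "tcp", 443))  # B -> A https
```

The one-way policy is simply the absence of any rule with SITE B as the source, which is why the default action for unmatched traffic is worth confirming on the actual device.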