Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 502 views
  • Users 0 members are here
Options
Suggested

Country Restriction vpn ssl

Alexander Vasquez

I have configured an SSL VPN to which I want to apply a restriction so that it only allows connections from Colombia, I have created the ACL allowing "Colombia" in the Source and selected the User Portal and SSL VPN services, after this I have disabled access from the wan for both services, I can successfully connect to the user portal and download the VPN, but when I check the VPN file it does not include the public IPs of the client, only some private IPs, when I re-enable wan connections for both User Portal services and SSL VPN, I download the file, and the Public IP to which I will connect appears without any problem.


services disabled from WAN

ACL



Config File .ovpn

Services Enable From WAN



Config File .ovpn



Added TAGs
[edited by: Raphael Alganes at 1:47 PM (GMT -7) on 13 May 2024]
  • 0

    Hello Alexander,

    I have never seen such behaviour, and I have configured many SSL VPNs with country restrictions as you described.
    But because i almost ever have a NAT router or firewall in front of Sophos firewall, I always have to fill the "Override hostname" within the SSL VPN global settings with FQDN or public IP.
    Maybe, without this only the usable interface IP's are listed within VPN-client ... and with WAN-Interface (zone) disabled ... it works as designed.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Unfiltered HTML