
Country Restriction vpn ssl

I have configured an SSL VPN to which I want to apply a restriction so that it only allows connections from Colombia. I have created the ACL allowing "Colombia" in the Source and selected the User Portal and SSL VPN services. After this, I disabled access from the WAN for both services. I can successfully connect to the User Portal and download the VPN, but when I check the VPN file it does not include the public IPs of the client, only some private IPs. When I re-enable WAN connections for both the User Portal and SSL VPN services and download the file, the public IP to which I will connect appears without any problem.


services disabled from WAN

ACL



Config File .ovpn

Services Enable From WAN



Config File .ovpn



  • Hello Alexander,

    I have never seen such behaviour, and I have configured many SSL VPNs with country restrictions as you described.
    But because I almost always have a NAT router or firewall in front of the Sophos firewall, I always have to fill in the "Override hostname" within the SSL VPN global settings with the FQDN or public IP.
    Maybe, without this, only the usable interface IPs are listed within the VPN client ... and with the WAN interface (zone) disabled ... it works as designed.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
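
A quick way to check a downloaded profile for the symptom discussed in this thread, as an added example that is not part of the original posts or Sophos's own tooling: it lists the `remote` endpoints in a `.ovpn` file and flags a profile that contains only internal addresses. It assumes the profile is a standard OpenVPN configuration; the sample profiles, addresses and hostname are constructed.

```python
import ipaddress

# Address ranges a client on the internet cannot reach directly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10",                           # IPv6 ULA, link-local
)]

# Constructed sample profiles (not taken from the thread).
SAMPLE_PRIVATE_ONLY = "client\ndev tun\nremote 192.168.10.1 8443\nremote 10.0.0.1 8443\n"
SAMPLE_WITH_OVERRIDE = (
    "client\n# remote 172.16.0.1 8443\n"
    "remote vpn.example.com 8443 tcp\nremote 203.0.113.10 8443\n"
)


def parse_remotes(ovpn_text):
    """Return (host, port) for each active `remote` directive."""
    remotes = []
    for raw in ovpn_text.splitlines():
        # Drop '#' and ';' comments, then split the directive into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "remote":
            remotes.append((fields[1], fields[2] if len(fields) >= 3 else None))
    return remotes


def classify(host):
    """'internal' or 'external' for IP literals, 'hostname' otherwise."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # not resolved here; it may still point at an internal IP
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def audit(ovpn_text):
    """Classify every remote; report whether any could be reached from the internet."""
    results = [(h, p, classify(h)) for h, p in parse_remotes(ovpn_text)]
    return results, any(kind != "internal" for _, _, kind in results)


if __name__ == "__main__":
    for name, text in (("private only", SAMPLE_PRIVATE_ONLY),
                       ("with override", SAMPLE_WITH_OVERRIDE)):
        results, usable = audit(text)
        print(name, results, "ok" if usable else "no externally reachable remote")
```
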
