

Sophos XGS time based VPN

Hello,

How is it possible to control IPsec Remote Access VPN on a time basis on the XGS, so that users can only establish a connection at certain times?

Thank you!



  • Hi,

    Thank you for reaching out to Sophos Community.

    On the VPN firewall Allow rule, have you tried to configure "During scheduled time"?

    During scheduled time: Select a schedule or create one. Sophos Firewall matches the rule criteria during the time period and day of the week that you select.

    For more reference, kindly check the following

    Select the source matching criteria.

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • IPsec Remote Access VPN supports Idle timeout where SFOS disconnects idle client tunnels after the specified time. Whenever traffic activity resumes on this tunnel, the tunnel re-establishes automatically. 

  • Do it with a firewall rule; you will get the same outcome: the firewall rule based on users is only allowed in your time window.
    So they can potentially build the VPN, but not reach anything.


  • To add a bit more detail to what  and  said, see these screenshots for how we do it.

    Rather than 'allowing' at certain times, we find it easier to add a timed block as the top/first firewall rule. This is easier than adding timed 'allows' for every firewall rule (if you have more than one) and reduces the chances of errors if you ever need to make changes.

    We are using 'Match known users' because some people are allowed access at any time so we just block certain people outside work hours.

    The effect of this rule is to block the named users at the 'VPN Access Block' scheduled times. If you want to block everybody at certain times, just don't use 'Match known users'.
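
The last reply relies on top-down, first-match rule evaluation. The following model of it is an added example, not code from the thread or from Sophos. It shows a user-matched timed drop rule placed first, above an unscheduled allow rule. The user names, work hours and the rule names other than 'VPN Access Block' are assumptions, and the handling of windows that run past midnight is this model's own, not documented SFOS behaviour.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Window:
    days: frozenset   # weekdays the window starts on, Monday=0
    start: time
    end: time         # end <= start means the window runs past midnight

    def contains(self, now: datetime) -> bool:
        t, d = now.time(), now.weekday()
        if self.start < self.end:
            return d in self.days and self.start <= t < self.end
        # Overnight: the hours after midnight belong to the previous day's entry.
        return (d in self.days and t >= self.start) or \
               ((d - 1) % 7 in self.days and t < self.end)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "accept" or "drop"
    users: frozenset = None      # None = no user matching, applies to everybody
    schedule: tuple = None       # None = all the time

    def matches(self, user: str, now: datetime) -> bool:
        if self.users is not None and user not in self.users:
            return False
        return self.schedule is None or any(w.contains(now) for w in self.schedule)

def evaluate(rules, user, now):
    """Top-down, first match wins; traffic matching no rule is dropped."""
    for rule in rules:
        if rule.matches(user, now):
            return rule.action, rule.name
    return "drop", "default"

# Constructed policy: users and hours are hypothetical. Work hours are Mon-Fri 08:00-18:00.
EVERY_DAY, WEEKEND = frozenset(range(7)), frozenset({5, 6})
VPN_ACCESS_BLOCK = (
    Window(EVERY_DAY, time(18, 0), time(8, 0)),   # every night, including Sun -> Mon morning
    Window(WEEKEND, time(8, 0), time(18, 0)),     # weekend daytime
)
RULES = [
    Rule("VPN timed block", "drop", frozenset({"alice", "bob"}), VPN_ACCESS_BLOCK),
    Rule("VPN to LAN", "accept"),                 # allow rule needs no schedule of its own
]

if __name__ == "__main__":
    for who, when in [("alice", datetime(2024, 1, 8, 7, 30)), ("alice", datetime(2024, 1, 8, 9, 0)),
                      ("carol", datetime(2024, 1, 13, 12, 0))]:
        print(who, when, evaluate(RULES, who, when))
```

The Monday 07:30 case is the one to check when building a block schedule: if the overnight window is defined only for Monday to Friday, the hours between Sunday midnight and Monday morning are left open.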