Question regarding #Port and ##ALL_RW special IP hosts

Looking at IP Hosts like #Port2 or ##ALL_RW, they are dynamic IP addresses, correct? So if Port2 is my WAN port and the ISP changes my IP (via DHCP), wherever #Port2 is used in any rule will automatically be updated instantly so that the rule still applies, correct?

The Help documentation doesn't mention the single-# names in particular. However, it does mention the double-# names, like ##ALL_RW, and says that the IP list updates "when they're established with the Sophos Connect client." Does this mean that if I use an OpenVPN client, it will NOT be added to ##ALL_RW, or is the "with the Sophos Connect client" just slightly outdated and really means "VPN client"?



Added TAGs
[edited by: Raphael Alganes at 12:49 AM (GMT -7) on 10 Sep 2024]
  • Hi

    ##ALL_RW, this is the superset hostname, will be dynamically updated with the virtual IP pool (for SSLVPN RA and IPsec RA) configured, when used in the firewall rule in 'source networks', packets from remote clients are allowed into the SFOS; works with any VPN remote access (RA) client.

    ##ALL_SSLVPN_RW - this is for the SSLVPN RA virtual IP pool (configured in SSLVPN global settings)

    ##ALL_IPSEC_RW - this is for the IPsec RA virtual IP pool (configured in IPsec RA - 'Assign IP from')

    I guess you are right on your observation regarding #PortX, specifically in cases like DNAT or port forward or business app rules etc.
