Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Isolating a server

nf

I need to take one server on our LAN, prevent LAN access to it (reason is i have to encrypt traffic in transit) and allow users on our VPN access to it. Currently users using our SSL VPN have access to our LAN but also need to allow access to this one server. Should I plug this server into an unused port on the XGS and then allow the interface to the same SSL policy? if that works, then i just have to allow our backup server on our LAN to access that interface as well for backups using firewall rules i guess



This thread was automatically locked due to age.
  • 0

    Hello,

    Is your target setup similar to something like this?

    If it is, may recommend to put the server that's being accessed externally by VPN users into a DMZ then configure a redundancy on the server instead of a backup on LAN

    Further, I may also recommend you reach out to your local Sophos Sales Engineer or Partner should you need to discuss your setup further.

    Hope this helps

    Regards,

    Raphael Alganes
    Global Community Engineer, Support & Services
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.

    The award-winning home for Sophos Support videos! - Visit Sophos Techvids

  • 0 in reply to Raphael Alganes

    pretty much except its not just a web server but also need it to communicate with the LAN for backups and to our SIEM server. But clients on the LAN will not be able to connect unless they go thru vpn.