
Site-to-site IPsec tunnel and user-defined firewall rules

Hi All,

Currently running UTM version 9.7115-5. I've added some associate company sites to a site-to-site IPsec tunnel.

We have the tunnel established and running fine with the "Automatic firewall rules"... However...

1. I'd like to restrict the traffic from the other site to only hit a few of the servers in my subnet and not every IP address in my subnet. (Trying to limit virus exposure potential and network scans, and restrict the other site to just the IPs on my site I want to allow.)

I thought this would be easy, but it's not working.

A. In my site-to-site IPsec tunnel I disabled the "Automatic firewall rules" checkmark, then

B. Went to Network Services > Firewall and made an allow rule from their network to the specific IP address hosts in my subnet I want to allow.

C. Went to Network Services > Firewall and made a drop rule from their network to my internal network. (Hoping to drop any traffic that is not covered by rule B.)

D. Went to Network Services > Firewall and made an allow rule to allow any of my PCs to their network. (So I can get to IP addresses on their network.)

The problem is that when I enabled all the rules, I can still ping traffic from any of my local IP addresses. The restriction is not working. As a matter of fact, even without any rules, or with just the drop rule enabled (their network to our network), traffic is still allowed to flow through the site-to-site tunnel. It appears to me as if the firewall rules aren't being used at all. (What should the response be with no firewall rules?)

This thread was automatically locked due to age.
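As an added illustration (not part of the original post, and not Sophos UTM's own code), here is a small Python model of the policy that steps B to D above are meant to express, evaluated as an ordered rule list where the first matching rule wins and unmatched traffic is dropped. The subnets, the two permitted server addresses, and the first-match/implicit-drop semantics are assumptions made for the example; the model also shows why rule order matters by evaluating the same traffic with the drop rule (C) placed above the allow rule (B).

```python
"""Toy first-match packet-filter model for a site-to-site policy.

Assumptions (not taken from the original post):
  * rules are evaluated top to bottom and the first match decides;
  * traffic matching no rule gets the default action (drop);
  * the address ranges below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample networks: the associate company's site and our own.
REMOTE_NET = ipaddress.ip_network("192.168.50.0/24")   # "their network"
LOCAL_NET = ipaddress.ip_network("10.0.1.0/24")        # "my internal network"
# Constructed: the only two local servers the other site may reach.
ALLOWED_HOSTS = (
    ipaddress.ip_network("10.0.1.10/32"),
    ipaddress.ip_network("10.0.1.11/32"),
)


@dataclass(frozen=True)
class Rule:
    name: str
    sources: Tuple[ipaddress.IPv4Network, ...]
    destinations: Tuple[ipaddress.IPv4Network, ...]
    action: str  # "allow" or "drop"

    def matches(self, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
        """A rule matches when source and destination each fall in one of its networks."""
        return any(src in n for n in self.sources) and any(dst in n for n in self.destinations)


# The rule set the post describes, in the order the author intends.
RULES: List[Rule] = [
    Rule("B: remote -> permitted servers", (REMOTE_NET,), ALLOWED_HOSTS, "allow"),
    Rule("C: remote -> rest of local net", (REMOTE_NET,), (LOCAL_NET,), "drop"),
    Rule("D: local -> remote", (LOCAL_NET,), (REMOTE_NET,), "allow"),
]


def drop_first_rules() -> List[Rule]:
    """Same rules with C above B: the broad drop now shadows the specific allow."""
    return [RULES[1], RULES[0], RULES[2]]


def evaluate(rules: Iterable[Rule], src: str, dst: str, default: str = "drop") -> Tuple[str, str]:
    """Return (action, rule name) for a src->dst packet under first-match semantics."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action, rule.name
    # Nothing matched: fall back to the modelled default (an assumption here).
    return default, "implicit default"


def policy_report(rules: Iterable[Rule]) -> List[Tuple[str, str, str]]:
    """Evaluate a few representative flows; returns (src, dst, action) rows."""
    flows = [
        ("192.168.50.20", "10.0.1.10"),   # remote -> permitted server
        ("192.168.50.20", "10.0.1.50"),   # remote -> some other local host
        ("10.0.1.50", "192.168.50.20"),   # local -> remote
        ("192.168.50.20", "172.16.0.1"),  # remote -> somewhere not covered
    ]
    rules = list(rules)
    return [(s, d, evaluate(rules, s, d)[0]) for s, d in flows]


if __name__ == "__main__":
    for label, rs in (("intended order (B, C, D)", RULES), ("drop rule first (C, B, D)", drop_first_rules())):
        print(label)
        for src, dst, action in policy_report(rs):
            print(f"  {src:>14} -> {dst:<14} {action}")
```

With the intended order, the remote site reaches only the two permitted servers and every other local address is dropped; with the drop rule moved above the allow rule, the specific allow never fires and even the permitted servers are dropped. An empty rule list falls through to the modelled default, which is the question the post ends on and is only an assumption of this example, not a statement about what the UTM does.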