
Quarantine Report Allowed Networks - Risk of accepting all networks

Hello all,

With many users working from home, we have noticed that the Release buttons within the quarantine report emails no longer work.

As this function is configured with the same hostname as the public DNS entry of the WAN interface and we are using L2TP VPN, the clients try to connect to port 3840 on the WAN interface. The internal DNS server has the correct internal entry present, but is not queried by VPN clients in this case, causing them to send the request from their public IPs. Only internal networks are configured under Quarantine Report >> Advanced >> Allowed Networks.

For ease of use, we want to add Internet IPv4 to the Allowed Networks, but we want to make sure we don't expose ourselves to unnecessary security risk in the process. The UTM Engineer Handout calls this "not recommended", but I could not find any specific mention of this being a security-related warning.

Does anyone know how severe, if at all, the security implications of this setting are, or can anyone point me to an official statement regarding this?

Thanks
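To make the trade-off in the question concrete, here is an added example (not part of the thread and not Sophos code) that models the Quarantine Report "Allowed Networks" check as a plain source-address allowlist and walks through the three situations discussed: split DNS broken (hostname resolves to the WAN address), split DNS working (hostname resolves to the internal address), and Internet IPv4 added to the allow list. All addresses, the L2TP pool and the hostname-to-address mapping are constructed for the example; the 10.1.1.5 DNS server from the thread is the only value taken from the page.

```python
import ipaddress
from typing import Iterable

# Constructed sample values (not the poster's real addressing):
INTERNAL_NETWORKS = ["10.1.1.0/24"]   # LAN that hosts the internal DNS server 10.1.1.5
L2TP_POOL = "10.242.2.0/24"           # assumed address pool handed out to L2TP clients
UTM_INTERNAL_IP = "10.1.1.1"          # assumed internal-interface address of the UTM
UTM_WAN_IP = "203.0.113.10"           # assumed public address of the WAN interface
INTERNET_IPV4 = "0.0.0.0/0"           # the "Internet IPv4" network object


def source_is_allowed(source_ip: str, allowed_networks: Iterable[str]) -> bool:
    """Model of the Allowed Networks check (assumption: a source-address allowlist).

    A release request on TCP 3840 is accepted only if its source address lies in
    at least one of the configured networks.
    """
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(net, strict=False) for net in allowed_networks)


def release_request_source(resolved_ip: str, vpn_client_ip: str, home_public_ip: str) -> str:
    """Which source address the UTM sees for a Release click.

    If the quarantine hostname resolves to the UTM's internal address (the VPN
    client asked the internal DNS server), the request goes through the L2TP
    tunnel and arrives from the client's pool address. If it resolves to the WAN
    address (the client asked a public resolver), the request leaves through the
    home router and arrives from the household's public IP.
    """
    resolved = ipaddress.ip_address(resolved_ip)
    via_tunnel = any(resolved in ipaddress.ip_network(net) for net in INTERNAL_NETWORKS)
    return vpn_client_ip if via_tunnel else home_public_ip


def release_button_works(resolved_ip: str, vpn_client_ip: str,
                         home_public_ip: str, allowed_networks: Iterable[str]) -> bool:
    """True if the Release link in the report email would be accepted by the UTM."""
    source = release_request_source(resolved_ip, vpn_client_ip, home_public_ip)
    return source_is_allowed(source, allowed_networks)


def accepts_any_internet_host(allowed_networks: Iterable[str]) -> bool:
    """True when the allow list contains a 0.0.0.0/0 entry and so restricts nothing."""
    return any(ipaddress.ip_network(net, strict=False).prefixlen == 0 for net in allowed_networks)


def scenarios() -> dict:
    """The three cases from the thread, evaluated against the model above."""
    vpn_client = "10.242.2.17"       # constructed pool address of one home-office client
    home_public = "198.51.100.23"    # constructed public IP of that client's home router
    internal_only = INTERNAL_NETWORKS + [L2TP_POOL]
    with_internet = internal_only + [INTERNET_IPV4]
    return {
        # Thread's problem: hostname resolves to WAN, request arrives from the home IP.
        "broken_dns_internal_only": release_button_works(UTM_WAN_IP, vpn_client, home_public, internal_only),
        # Reply's fix: internal DNS answers, request arrives from the pool address.
        "working_dns_internal_only": release_button_works(UTM_INTERNAL_IP, vpn_client, home_public, internal_only),
        # Proposed workaround: Internet IPv4 added. Button works, but so does every other host.
        "broken_dns_with_internet": release_button_works(UTM_WAN_IP, vpn_client, home_public, with_internet),
        "random_internet_host_allowed": source_is_allowed("192.0.2.99", with_internet),
        "allow_list_still_restricts": not accepts_any_internet_host(with_internet),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The last two keys are the point of the question: once Internet IPv4 is in the list, the allowlist no longer filters anything, so the exposure of the release service on TCP 3840 is exactly the exposure of that service itself to the whole Internet, and the Allowed Networks setting stops being a control you can rely on. Keeping the list to internal networks plus the VPN pool, and making VPN clients resolve the hostname internally, gives the working-DNS case without widening the listener.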



  • I just tried some things and found that deactivating IPv6 on the physical interface of the client seemingly solves the DNS problems.

    Nslookup now uses the 10.1.1.5 server when the client is connected via L2TP VPN. Switching back and forth, the UTM hostname is resolved as intended, depending on if the VPN connection is established.

    This would have to be implemented on all home-office clients, so I would still like to know if we can simply allow quarantine release requests from the Internet without compromising network security.
