Remote access to one ip in LAN zone but block to other LAN hosts

I have user A, he have RDP from LAN to other hosts in LAN zone. I make setting on my sophos for  user A  to have VPN and RDP to one host. My question is: Can i make settings for user A, when he connect to host via VPN and make RDP to this host, but i want to block this user to access other hosts in LAN network  when he using VPN and RDP?

  • Hi.

    I don't know if I understand your problem correctly.

    If you wand only one User to be able to access one host through VPN you could just create a SSL VPN profile and put the user and the host into thies profile. Don't check "Automatic firewall rules" but create them by hand (only allowing RDP to the host for the SSL-User-VPN-Object.

    But if the user is connected to the RDP-Host he would normally be able to reach other machines in the same subnet using a browser on the RDP-Machine for instance.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Yes that was my question, i have rule but when allow RDP to this host and user connect via VPN, he can make RDP to other hosts in LAN subnet! I thought there was a way to track the source address, and a way to block it! Thank you so much for the answer!

  • Hi 

    If the VPN-User launches an RDP session from the server he is allowed to connect by the VPN-Profile. This RDP session comes from the IP-Address of the server.

    So, if the server is on a separate VLAN you can create a FW rule to block RDP traffic to other VLANS or hosts.

    For host in the same VLAN you would have to configure this on OS-level.