Hi.
I have blocked VPN from internal net out, but I need to enable OpenVPN to one dedicated external IP address.
Can I achieve this, and how?
Thanks,
Goldy
Hello Goldy,
Thank you for reaching out to the community. Create a firewall rule on top with source as that one external IP, service as the services used by OpenVPN, and destination as ANY!
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Shalom Goldy - nice to see you back here!
If Vivek's suggestion doesn't do what you want, please insert a picture here of the Edit of the object that blocks "VPN from internal net out."
Cheers - Bob
Ok.
Thanks Vivek, and great to hear from you Bob.
I have found a way by adding the destination host to the Application Control Skiplist, but Vivek's way is better, because it's more explicit.
The thing is, it says "This applies only to source hosts/networks", and I'm looking for any host from my internal network to be able to reach one IP address in OpenVPN.
(Normally, I block all internal connections in VPN.)
Not sure if Vivek's way will work, but I'll give it a try.
Could an application rule be placed on top of the current one to allow VPN to the external IP they want to allow, then leave the VPN block rule underneath? I am just wondering because I thought VPN firewall rules were automatically created and are at the very top, staying above user-created firewall rules.