
Enable destination for application control

Hi.

I have blocked VPN from internal net out, but I need to enable OpenVPN to one dedicated external IP address.

Can I achieve this, and how?

 

Thanks,

Goldy



This thread was automatically locked due to age.
  • Hello,

    Thank you for reaching out to the community. Create a firewall rule on top with source as that one external IP, service as the services used by OpenVPN, and destination as ANY!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


  • Shalom Goldy - nice to see you back here!

    If Vivek's suggestion doesn't do what you want, please insert a picture here of the Edit of the object that blocks "VPN from internal net out."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ok.
    Thanks Vivek, and great to hear from you Bob.
    I have found the way by adding the destination host to the Application Control Skiplist, but Vivek's way is better, because it's more explicit.
    The thing is, it says "This applies only to source hosts/networks", and I'm looking for any host on my internal network to be able to reach one IP address in OpenVPN.
    (Normally, I block all internal connections in VPN.)
    Not sure if Vivek's way will work, but I'll give it a try. :)

  • Could an application rule be placed on top of the current one to allow VPN to the external IP they want to allow, then leave the VPN block rule underneath? I am just wondering because I thought VPN firewall rules were automatically created and are at the very top, staying above user-created firewall rules.