Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3574 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Guest Wifi kan access LAN IP's

jkm005
Hi

Did see some posts about this - but not sure if I saw the solution?

I have a Guest wifi.

Auto created FW rule Wifi->Web_surfing->Internet IP4

Also created a top rule Wifi->Any-Internal (Drop).

Still users can access internal websites using IP.
Also wondering why VPN is possible when only Internet IP4 is allowed from Wifi?

Thanks


This thread was automatically locked due to age.
  • 0
    Using Webproxy in transp. mode for wifi-subnet? Try adding internal subnet to proxy/advanced - destination skiplist.
    What type of vpn is possible? OpenVPN/SSL? That protocol is allowed via proxy and/or rule "web surfing".
  • 0
    do you use the integrated Proxy so web protection called? Then you have to add in Web Filter Options -> Skip Destination host/Networks from transparent mode [;)]
  • 0 in reply to DarkKnight93
    Great. Thanks both of you.

    So a firewall rule rejecting all from wifi to internal is "overruled" by webproxy?

    Regarding VPN .. All types Work.
    Not that I need to deny it but nice to know what is allowing this.
  • 0 in reply to jkm005
    Great. Thanks both of you.

    So a firewall rule rejecting all from wifi to internal is "overruled" by webproxy?

    Regarding VPN .. All types Work.
    Not that I need to deny it but nice to know what is allowing this.


    Yes, webproxy is handled by Internal (Address) and not by Internal (Network). Just put the internal network in the transparent proxy destination exclusion.

    You probably have more firewall rules where at least one of them allows VPN-traffic. SSL VPN over port 443 is handled by web protection (proxy).

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels
    Yes, webproxy is handled by Internal (Address) and not by Internal (Network). Just put the internal network in the transparent proxy destination exclusion.

    You probably have more firewall rules where at least one of them allows VPN-traffic. SSL VPN over port 443 is handled by web protection (proxy).


    Allright.. Thanks a lot.
Unfiltered HTML