How can I set up a rule to only allow SSLVPN connections from an address group on a TZ-210?
All_Mighty_Ruler
I want to set up DDNS addresses that are the only addresses allowed to connect to my SSLVPN port 4433. Port 4433 should not be open to the world, because "If you build it, they will come!"
I tried making a WAN to WAN rule, but the firewall moves the priority down. You cannot make the priority 1.
If I try changing the built-in SSLVPN rules, the FW just puts the rules back automatically.
I tried making a WAN to LAN rule that someone posted, but that does nothing.
I'm running firmware: SonicOS Enhanced 5.9.2.7-5o
Answers
@All_Mighty_Ruler
Edit the default WAN-WAN rule for the SSL VPN and change the SSLVPN port to HTTPS Management. Then create a new WAN-WAN rule for the SSLVPN and select your dyndns-enabled WAN interface.
For example, follow the same as below:
@Ajishlal But then you just opened up HTTPS management to the world...
Thanks for responding, but I do not have SSLVPN open for the NetExtender. I only have a VPN tunnel. So I only have the 2 IKE rules that I am trying to protect. Any changes I make, the FW just puts back.
@TKWITS
There is already a default rule for HTTPS management, and we can prevent unauthorized access by adding only trusted sources instead of "Source: ANY".
@All_Mighty_Ruler
"I want to set up DDNS addresses that are the only addresses allowed to connect to my SSLVPN port 4433. Port 4433 should not be open to the world."
As per your statement above, I thought you needed to open the SSLVPN port for a specified WAN interface that is enabled for dyndns, and now you are telling me that you don't have SSLVPN. So please explain properly exactly what kind of support you require; only then can we give you the proper solution.