Block internal IP from VPN

Author
freber
2021/09/11 08:05:37

Hi all!
 
We have a working SSL VPN that lets outside users access our internal LAN. But I want to restrict access to specific local addresses. I.e., I don't want any VPN users to access 192.168.0.20.
How do I block a specific local IP?
#1
Toshi Esumi
Re: Block internal IP from VPN 2021/09/11 09:39:45
You must have an ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.
#2
Yurisk
Re: Block internal IP from VPN 2021/09/12 00:31:41
That's the beauty of Interface/Route-based VPNs - you treat your VPN users as located somewhere on the Internet and connected to your LANs via the ssl.root interface. As a consequence, you allow/block this traffic in security policy as you do with any traffic passing the firewall from interface to interface.

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.
#3
freber
Re: Block internal IP from VPN 2021/09/12 06:35:16
I have a deny policy now which has destination .20, and when it's not in effect the users can reach everything, and when it is applied they can't connect at all.
#4