What's the best approach to filtering (Allow/Deny) access to specific terminals for VPN users?
Options
Currently we have some ipsec ikev2 gateway which are allowed to connect to a certain LAN, and some other that are allowed to connect to an other LAN. But they always have access to the whole LAN they join (they can reach all the terminals inside that LAN)
We have many entries under Configuration > Security Policy > Policy Control
Close to the end, the following rule which I believe was created by default by firewall.
Probably it is the rule allowing to access the whole LAN.
What's the best approach to filtering, and allow VPN user to reach only the specified Address Group?
We have many entries under Configuration > Security Policy > Policy Control
Close to the end, the following rule which I believe was created by default by firewall.
Probably it is the rule allowing to access the whole LAN.
What's the best approach to filtering, and allow VPN user to reach only the specified Address Group?
0
All Replies
-
...follow0
-
Hi @phphil
Step1. you can add address object group(e.q. IP address, FQDN).
Step2. This policy’s Destination field choose that address group which you created on Step1.
0
Categories
- All Categories
- 398 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight