[NEBULA] Can I isolate external VPN L2TP connections to port group 2 only?
GadgetryTech
Posts: 6
I have a secure box on my network that other developers need to remotely access. I do not want them to be able to see anything on my home network. If they were using the Nebula VPN feature on my NSG 100, can I make it so they only see the server(s) on an isolated network?
I know other options are bypassing the Nebula VPN service and just open a single port, then deploy a VM running a VPN service on its own subnet. I just like the hardware feature built in to the NSG and its performance. Thanks!
0
Accepted Solution
-
Hello @GadgetryTech
I assume the L2TP pool subnet is 192.168.145.0/24 and your home network subnet is 192.168.41.0/24; then you can set the firewall rule as below.
If your server is also in subnet 41.0/24, for instance 192.168.41.100, then you can put another firewall rule at first priority and allow it.
/ChrisChris
5
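The rule ordering described in this answer, as an added example that is not part of the original post or Zyxel's own configuration: a small first-match evaluator over the two rules, plus a check for an allow rule that a broader deny above it would hide. It assumes rules are checked top-down with the first match winning and that unmatched traffic falls to an allow default; the rule names and the client address 192.168.145.10 are constructed.

```python
import ipaddress

# Constructed rule table modelling the answer's two rules; names are illustrative.
VPN_POOL = "192.168.145.0/24"   # L2TP pool assumed in the answer
HOME_NET = "192.168.41.0/24"    # home network assumed in the answer
SERVER = "192.168.41.100/32"    # example server address from the answer

RULES = [  # (name, action, source network, destination network), highest priority first
    ("allow-vpn-to-server", "allow", VPN_POOL, SERVER),
    ("deny-vpn-to-home", "deny", VPN_POOL, HOME_NET),
]

def evaluate(rules, src, dst, default="allow"):
    """Return (action, rule_name) of the first rule matching a new connection.

    The allow default for unmatched traffic is an assumption of this example.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, name
    return default, "implicit-default"

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (name, _, src, dst) in enumerate(rules):
        for _, _, psrc, pdst in rules[:i]:
            if (ipaddress.ip_network(src).subnet_of(ipaddress.ip_network(psrc))
                    and ipaddress.ip_network(dst).subnet_of(ipaddress.ip_network(pdst))):
                hidden.append(name)
                break
    return hidden

if __name__ == "__main__":
    # A VPN client reaching the server, then another home host.
    for dst in ("192.168.41.100", "192.168.41.23"):
        print(dst, evaluate(RULES, "192.168.145.10", dst))
    # With the order reversed, the deny rule hides the server exception.
    print("shadowed if reversed:", shadowed(RULES[::-1]))
```
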
All Replies
-
I believe using the outbound rules will do just fine, but I guess you first need to create a rule that allows access from the VPN network to servers network, and then another rule below that blocks other traffic from the VPN network to any.
"You will never walk along"0 -
Thanks Chris! Finally got around to testing this out. VPN traffic is isolated to Port group 2 on the gateway. Any traffic on port group 2 cannot hit my local/home network, but I can still establish sessions from my home network to VMs on port group 2 without any issues. Works like a charm!
1