[NEBULA] Can I isolate external VPN L2TP connections to port group 2 only?
GadgetryTech
Posts: 6
I have a secure box on my network that other developers need to remotely access. I do not want them to be able to see anything on my home network. If they were using the Nebula VPN feature on my NSG 100, can I make it so they only see the server(s) on an isolated network?
I know other options are bypassing the Nebula VPN service and just open a single port, then deploy a VM running a VPN service on it's own subnet. I just like the hardware feature built in to the NSG and its performance. Thanks!
I know other options are bypassing the Nebula VPN service and just open a single port, then deploy a VM running a VPN service on it's own subnet. I just like the hardware feature built in to the NSG and its performance. Thanks!
0
Accepted Solution
-
Hello @GadgetryTech
I assume the L2TP pool subnet is 192.168.145.0/24 and your home network subnet is 192.168.41.0/24 then you can set the firewall rule as below.
If your sever is also in subnet 41.0/24 for instance 192.168.41.100 then you can put another firewall rule at first priority and allow it.
/ChrisChris
5
All Replies
-
I believe using the outbound rules will do just fine, but I guess you first need to create a rule that allows access from the VPN network to servers network, and then another rule bellow that blocks other traffic from the VPN network to any.
"You will never walk along"0 -
Hello @GadgetryTech
I assume the L2TP pool subnet is 192.168.145.0/24 and your home network subnet is 192.168.41.0/24 then you can set the firewall rule as below.
If your sever is also in subnet 41.0/24 for instance 192.168.41.100 then you can put another firewall rule at first priority and allow it.
/ChrisChris
5 -
Thanks Chris! Finally got around to testing this out. VPN traffic is isolated to Port group 2 on the gateway. Any traffic on port group 2 cannot hit my local/home network, but I can still establish sessions from my home network to VMs on port group 2 without any issues. Works like a charm!1
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight