  1. #1
    Untangler
    Join Date
    Jun 2015
    Posts
    87

    NGFW 13.2 force specific traffic thru Tunnel VPN only, not External interface

    Hi, I am trying to redirect traffic on my network over a specific port 123 to the Tunnel VPN only. I want this same traffic to be stopped if/when the Tunnel goes offline, and the connection restored when the Tunnel VPN is restored. Currently, when I disable the Tunnel VPN tunnel, it appears as if traffic to this port isn't suspended. Steps I've taken:

    1.) Set up FIREWALL > Rule of:
    Destination Port: 123
    Destination Interface: External
    Action Type: Block
    Flag: True

    2.) Set up TUNNEL VPN > Rule of:
    Destination Port: 123
    Source Address is: CLIENT IP HERE 192.168.x.x
    Destination Tunnel = Specific VPN Tunnel Name Here

    Please advise if I've done this correctly? My intent is only to redirect specific traffic to the Tunnel VPN tunnel and not ALL traffic for the specified client.
    Last edited by miles267; 06-11-2018 at 10:51 AM.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,256


    Sure, that will work. I would add a protocol condition just so it's clear what exactly you are blocking.
    Not all protocols have a port.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Jun 2015
    Posts
    87


    Thanks dmorris. Would it be recommended (or efficient) that I also specify the same protocol in the Tunnel VPN rule?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,256


    Quote: Originally posted by miles267
    Thanks dmorris. Would it be recommended (or efficient) that I also specify the same protocol in the Tunnel VPN rule?
    It probably wouldn't have any effect at all.
    I just prefer it because if you specify a port, it's kinda ambiguous about how it would treat sessions without ports, hence my suggestion is to just be clear.
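
The point in the replies about port conditions and sessions without ports, as an added example that is not part of the original thread and is not Untangle's rule engine. It is a simplified rule model: all class and function names are hypothetical, the sessions are constructed, and TCP/UDP is an assumed choice of protocol condition. It lists the sessions whose verdict depends on how a port-only rule treats portless traffic.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    protocol: str             # "TCP", "UDP", "ICMP", ...
    dst_port: Optional[int]   # None for protocols that have no ports
    dst_interface: str

@dataclass(frozen=True)
class BlockRule:
    dst_port: int
    dst_interface: str
    protocols: Optional[frozenset] = None   # None = no protocol condition

    def matches(self, s: Session, portless_matches: bool) -> bool:
        if s.dst_interface != self.dst_interface:
            return False
        if self.protocols is not None and s.protocol not in self.protocols:
            return False
        if s.dst_port is None:
            # The ambiguous case: a port condition meets a session with no
            # port, so the outcome depends on an engine design choice.
            return portless_matches
        return s.dst_port == self.dst_port

def blocked(rule, sessions, portless_matches):
    """Sessions the rule blocks under one interpretation of portless traffic."""
    return [s for s in sessions if rule.matches(s, portless_matches)]

def ambiguous_sessions(rule, sessions):
    """Sessions whose verdict differs between the two interpretations."""
    return [s for s in sessions
            if rule.matches(s, True) != rule.matches(s, False)]

# Constructed sample sessions ("Tunnel" is a placeholder interface name).
SESSIONS = [
    Session("UDP", 123, "External"),
    Session("TCP", 123, "External"),
    Session("UDP", 53, "External"),
    Session("ICMP", None, "External"),
    Session("UDP", 123, "Tunnel"),
]

PORT_ONLY = BlockRule(123, "External")
WITH_PROTOCOL = BlockRule(123, "External", frozenset({"TCP", "UDP"}))  # assumed protocols

if __name__ == "__main__":
    print("port-only, ambiguous:", ambiguous_sessions(PORT_ONLY, SESSIONS))
    print("with protocol, ambiguous:", ambiguous_sessions(WITH_PROTOCOL, SESSIONS))
```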
