Manage Access List, Web Traffic and rule questions.
sdevries.otn:
I am currently working on setting up a VPN group for RDP users.  I am setting it up as a white list style filter; my last two rules will discard all to, or from, the group.  Then I pass only what is actually wanted/needed for RDP/internet.  I have some questions though.
Can you specify multiple protocol numbers for a single rule?  (EX: TCP and UDP, but not "any" / all.)
Can you specify multiple port(s) / ranges for a single rule?  (EX: 500, 5555-5575)
(Currently, I do not think either can be done, but they would be nice features.  It would cut the number of rules I have in half, and make it easier to manage them.)
Is there a simple way to pass web traffic to / from the internet?
My last two rules were, correctly so, discarding all web traffic.  I'd like to open that up for VPN users.  Currently, I am passing from <group> to any TCP ports 80, 8080, 443.  Should I limit Destination to 0.0.0.0?  Or open any other ports?
 
- 
				thisjun
 - Posts: 2458
 - Joined: Mon Feb 24, 2014 11:03 am
 
Re: Manage Access List, Web Traffic and rule questions.
> Is there a simple way to pass web traffic to / from the internet?
It depends on your definition of Internet.
Re: Manage Access List, Web Traffic and rule questions.
sdevries.otn:
By internet, I mean destinations outside of our personal network/subnet.  (We do not have multiple sites, so no "WAN").
Re: Manage Access List, Web Traffic and rule questions.
thisjun:
Please allow all packets from/to port 80 and 443.  You don't need to limit IP address.
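To show why the reply says "from/to" rather than just "to", here is an added example (not code from the thread or from any VPN product) that models the access list as a stateless, first-match packet filter with one protocol and one port range per rule, as the original poster describes; the group subnet, the web server address and the "pass when nothing matches" default are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                         # "pass" or "discard"
    src: str                            # CIDR or "any"
    dst: str                            # CIDR or "any"
    proto: str                          # single protocol per rule, or "any"
    dport: Optional[Tuple[int, int]]    # inclusive destination port range, None = any
    sport: Optional[Tuple[int, int]] = None  # inclusive source port range, None = any

def _in_net(ip: str, net: str) -> bool:
    return net == "any" or ip_address(ip) in ip_network(net)

def _in_range(port: int, rng: Optional[Tuple[int, int]]) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(rules, pkt) -> str:
    """First matching rule decides; an unmatched packet is passed (assumed default,
    which is why the poster ends the list with explicit discard-all rules)."""
    for r in rules:
        if (_in_net(pkt["src"], r.src) and _in_net(pkt["dst"], r.dst)
                and r.proto in ("any", pkt["proto"])
                and _in_range(pkt["dport"], r.dport)
                and _in_range(pkt["sport"], r.sport)):
            return r.action
    return "pass"

GROUP = "10.20.0.0/24"   # constructed: address pool of the RDP VPN group

# Poster's current list: only the outbound direction is allowed before the discards.
outbound_only = [
    Rule("pass", GROUP, "any", "tcp", (443, 443)),
    Rule("discard", GROUP, "any", "any", None),
    Rule("discard", "any", GROUP, "any", None),
]

# Reply's advice: allow packets from/to the web ports, i.e. both directions.
both_directions = [
    Rule("pass", GROUP, "any", "tcp", (443, 443)),              # client -> web server
    Rule("pass", "any", GROUP, "tcp", None, sport=(443, 443)),  # server reply -> client
    Rule("discard", GROUP, "any", "any", None),
    Rule("discard", "any", GROUP, "any", None),
]

# Constructed HTTPS request and its reply (203.0.113.10 is a documentation address).
request = {"src": "10.20.0.7", "dst": "203.0.113.10", "proto": "tcp", "sport": 51000, "dport": 443}
reply = {"src": "203.0.113.10", "dst": "10.20.0.7", "proto": "tcp", "sport": 443, "dport": 51000}
```

With `outbound_only` the request passes but the reply hits the second discard rule, so the connection never completes; the "from/to" pair fixes that. Because the filter is stateless, the reply rule accepts any packet with source port 443 regardless of whether a client asked for it, which is the price of a whitelist built this way.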