DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

SSL Dial-in VPN

15 Sep 2023 13:11 #1 by dolive
SSL Dial-in VPN was created by dolive
Hello

First, forgive my poor knowledge.

Environment:
3 companies, A, B and C
Company A - DrayTek 2960 router updated to the latest available firmware and configured with an SSL Dial-In VPN.
Company B - Computer with Smart VPN Client configured to access Company A via SSL VPN, and it works.
Company C - My laptop with Smart VPN Client configured to access Company A via SSL VPN, and it works.

What I want to do and am not achieving:
1) If the DrayTek VPN client configuration file is copied to another company, I want the router to block that access. What I did:
1.1) I created a Service Type Object, "SSL".
1.2) In the firewall I created two rules. They are the first ones.
The first prohibits access through SSL VPNs (Service Type Object "SSL").
The second authorises access through SSL VPNs (Service Type Object "SSL"), but with the "source IP" = fixed public IP of company A.

(I think the prohibition rule is correct, because if I activate it without the authorising rule, I cannot access company A; Smart VPN Client fails.)

With both rules activated and with my laptop at home (public IP different from the public IP defined in the "source IP" of the authorisation rule), I can open the SSL VPN to company A. Where am I going wrong?

I would also like to ask for your help with the following:
When the VPN is up, the only equipment that can be pinged is two servers (that is what I want, and it is configured in the firewall).
However, some devices are network printers and they can be accessed via HTTP. How can I prevent this type of access to the 4 printers inside Company A?

Thanks in advance

Dolive

16 Sep 2023 21:28 #2 by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial-in VPN
Hi Dolive,

Try switching the rules around.

Have the blocking rule later down the list of rules.

If you place the block rule first, the allow rule will never be reached.

17 Sep 2023 13:35 #3 by dolive
Replied by dolive on topic Re: SSL Dial-in VPN
Hi

In the scenario in question, the local network can be accessed via SSL VPN from two companies (A) and (B). In both cases, the VPNs are established with DrayTek's Smart VPN Client.

On the local network router I have rules created for these companies, namely access to only two devices on the local network.

I only intend to authorise VPN access triggered from Companies A and B. On the router I created 2 "IP objects" with these two remote WANs.

As suggested, I then put the rules
1) SSL VPN ban
2) SSL VPN authorisation for the WANs of Company A and Company B
at the end of all the created rules.

But although I am on a different WAN from the WANs of companies A and B, the router authorises my access.

Thanks in advance

17 Sep 2023 19:52 #4 by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial-in VPN

dolive wrote:
As suggested, I then put the rules of
1) SSL VPN ban
2) SSL VPN authorization for Wans from Company A and Company B
At the end of all created rules.

Hi Dolive,

My suggestion was to switch these rules around.

So the block “ban” happens last, or at least after the allow rule, in the rules order.

The “allow” rule for your ‘IP Objects’ must happen before the “ban” rule.

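The ordering point HodgesanDY makes above can be checked with a small first-match model of the router's rule list. This is an added example, not DrayTek code or anything from the thread: the rule evaluator, the rule names, the assumed implicit-allow default at the end of the list, and the sample public addresses (documentation ranges) are all constructed here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    service: str              # service type object, e.g. "SSL" as in the thread
    src: str = "0.0.0.0/0"    # source network; any source by default


@dataclass(frozen=True)
class Packet:
    src: str
    service: str


def first_match(rules, pkt):
    """Walk the list top to bottom; the first rule whose service and source
    network both match decides. Returns (action, rule name)."""
    for r in rules:
        if r.service == pkt.service and ip_address(pkt.src) in ip_network(r.src):
            return r.action, r.name
    return "allow", "default"   # assumption: implicit allow if nothing matches


# Constructed sample addresses (RFC 5737 documentation ranges, not real WANs).
COMPANY_A_WAN = "192.0.2.10"
COMPANY_B_WAN = "198.51.100.20"
HOME_LAPTOP = "203.0.113.30"

DENY_SSL = Rule("SSL VPN ban", "deny", "SSL")                      # any source
ALLOW_A = Rule("allow Company A", "allow", "SSL", COMPANY_A_WAN + "/32")
ALLOW_B = Rule("allow Company B", "allow", "SSL", COMPANY_B_WAN + "/32")

ORDER_AS_POSTED = [DENY_SSL, ALLOW_A, ALLOW_B]   # ban first: allows never reached
ORDER_SUGGESTED = [ALLOW_A, ALLOW_B, DENY_SSL]   # allows first, ban last


def outcomes(rules):
    """Decision for an SSL VPN attempt from each of the three sample sources."""
    sources = [("A", COMPANY_A_WAN), ("B", COMPANY_B_WAN), ("home", HOME_LAPTOP)]
    return {name: first_match(rules, Packet(ip, "SSL"))[0] for name, ip in sources}


if __name__ == "__main__":
    print("as posted :", outcomes(ORDER_AS_POSTED))   # every source denied
    print("suggested :", outcomes(ORDER_SUGGESTED))   # A and B allowed, home denied
```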
18 Sep 2023 22:13 #5 by dolive
Replied by dolive on topic Re: SSL Dial-in VPN
It works.

Thanks

Do

18 Sep 2023 22:16 #6 by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial-in VPN
Awesome news! I’m glad it’s working now :D