Solved

PPTP WatchGuard Firebox Restrict Access to IP Range

Posted on 2008-10-06
Last Modified: 2013-11-16
I have 2 different subnets behind my firebox x5500e, 10.0.0.0/24 and 10.0.3.0/24.  Is it possible to restrict VPN clients to only one of the subnets?  I am able to connect to my firewall, but once the connection is made, access to everything behind the firewall is possible.  I was poking around the settings of the IPSec method and saw that you can configure which networks are accessible.  Can this be done with PPTP?  How?
Question by:mansurw02
6 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22654957
Usually you allow connection, and then limit internal subnets from the VPN subnet(s) using appropriate firewall rules. Do you have an existing rule FROM VPN to either 10.0.0.0 or 10.0.3.0? If not, make two rules, one allowing, and one denying.
0
 

Author Comment

by:mansurw02
ID: 22655016
From VPN?  Do you mean another PPTP policy with FROM Firebox TO 10.0.0.0?  Currently I have 1 PPTP policy, FROM ANY TO FIREBOX.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22656651
You can change the policy which allows access to the remote clients, currently as you stated it is:

>> FROM ANY TO FIREBOX

Change it to:
"Enabled and Allowed"; from pptp-user/group; to 10.0.0.0/24 [if you wish 10.0.0.0 only to be accessible]

In the configuration of PPTP, you only specify the virtual IP address/pool, and then you add users in the Firebox for local authentication or configure a RADIUS server for user authentication.

The policy is the only thing which limits the user access.

I would not suggest keeping any incoming policy as from ANY, as this is a prospective security hole.

Please let me know if you need more details.

Thank you.
0
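
An added example, not part of the thread and not WatchGuard's policy engine: a simplified first-match, default-deny model that checks a policy list against the goal discussed in the two answers above (VPN users reach 10.0.0.0/24 but not 10.0.3.0/24, and no allow policy keeps a source of Any). The PPTP pool address, the alias table and the policy sets are constructed assumptions.

```python
import ipaddress

# Constructed values: the thread names the two internal subnets, but the PPTP
# virtual IP pool and the alias table below are assumptions for illustration.
ALIASES = {"Any": "0.0.0.0/0", "pptp-user": "192.168.111.0/28"}
ALLOWED = ipaddress.ip_network("10.0.0.0/24")    # subnet VPN users should reach
PROTECTED = ipaddress.ip_network("10.0.3.0/24")  # subnet VPN users must not reach


def _net(value):
    """Resolve an alias name or CIDR string to a network object."""
    return ipaddress.ip_network(ALIASES.get(value, value))


def allowed(policies, src_ip, dst_ip):
    """Simplified model: first matching policy decides, no match means deny."""
    for p in policies:
        if src_ip in _net(p["src"]) and dst_ip in _net(p["dst"]):
            return p["action"] == "allow"
    return False


def audit(policies):
    """Return a list of findings; an empty list means the intent is met."""
    findings = [f"{p['name']}: allow policy with source Any"
                for p in policies
                if p["action"] == "allow" and p["src"] == "Any"]
    clients = list(_net("pptp-user").hosts())
    leaked = sum(1 for dst in PROTECTED.hosts()
                 if any(allowed(policies, c, dst) for c in clients))
    if leaked:
        findings.append(f"{leaked} hosts in {PROTECTED} reachable from VPN pool")
    if not all(allowed(policies, c, dst)
               for c in clients for dst in ALLOWED.hosts()):
        findings.append(f"VPN pool cannot reach all of {ALLOWED}")
    return findings


# Constructed policy sets (not exported from a real Firebox).
TOO_WIDE = [{"name": "vpn-in", "src": "Any", "dst": "10.0.0.0/16", "action": "allow"}]
RESTRICTED = [{"name": "vpn-in", "src": "pptp-user", "dst": "10.0.0.0/24", "action": "allow"}]
DENY_THEN_ALLOW = [
    {"name": "vpn-deny", "src": "pptp-user", "dst": "10.0.3.0/24", "action": "deny"},
    {"name": "vpn-allow", "src": "pptp-user", "dst": "10.0.0.0/16", "action": "allow"},
]

if __name__ == "__main__":
    for label, rules in [("too wide", TOO_WIDE), ("restricted", RESTRICTED),
                         ("deny then allow", DENY_THEN_ALLOW)]:
        print(label, "->", audit(rules) or "OK")
```

In this model, reversing the two rules in `DENY_THEN_ALLOW` makes the deny unreachable, so the audit reports the protected subnet as exposed again.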
 
LVL 8

Expert Comment

by:sstone55423
ID: 22660887
Hmmm, I would have liked at least partial credit  (assist) for giving you the right answer.
0
 

Author Comment

by:mansurw02
ID: 22661030
Sorry, I am new to Experts Exchange.  I simply gave the points to whomever was most helpful.  Now I know that I can distribute the credit.  Thanks for your help too!
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22661590
No problems, welcome to EE!
In this case, I believe I answered your question, and then dpk_wal expressed my answer further.  Grading probably should have been to give me the credit for the answer, and dpk the assist.  If you had asked questions, or indicated that you needed further help, I would have been glad to do that too.  
In this case, you felt that dpk_wal was the most helpful to you, and you are the boss!
Thanks,
0
