VPN and firewall policy & suggestions

2Pac IT
I have a firewall that blocks some IPs from accessing the Internet, which works fine. When a user comes in from the VPN they are able to access any devices except the devices that are being blocked from Internet access. I would like help troubleshooting or creating a policy that will keep the network devices from accessing the Internet, but when a user logs into the VPN they are able to access the devices.

Brian Murphy, Senior Information Technology Consultant

Commented:
Sounds like you need a VPN concentrator that can do NAP.

However, this can get complicated, because once they are logged in to another device like a remote desktop, Linux server, OpenBSD, etc., they are on the network.

I've implemented scenarios where the "fix" was to force authentication to a RADIUS server or some other authentication where you can keep them from logging in to those devices or "hopping" from one network device to the other, if this makes sense?

You can prevent the network devices from accessing the Internet, depending, by pointing their DNS to DNS servers that do not forward requests.

Or, you can leverage a network proxy server and define approved networks or force authentication such as AD integration, then use WPAD or PAC files to control client access. This would prevent any non-authenticated user from accessing the Internet.

Each has pros and cons, but I can explain further if you're interested.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Probably the firewall is blocking ANY traffic from those systems; you may be able to add a rule before the blocking rule to allow traffic to addresses within the VPN connection.
Distinguished Expert 2018

Commented:
Do you have rules that allow traffic from the VPN subnet to the subnet(s) those devices are in? My guess is no. But conversely, you should also check the scope of the blocking in place to be sure it is not overly broad. Blocking their access to the Internet is clearly the goal, but are the rules also blocking access to internal things?
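
The two comments above make the same diagnosis from different angles: a first-match rule set in which "block these IPs" was written as source=device, destination=any, so it also drops the reply leg toward VPN clients (and toward LAN peers). The script below is an added example, not code from this thread or from either expert; the subnets, device addresses, the default-allow action and the stateless-ACL model are constructed assumptions. It evaluates three rule sets with first-match semantics: the likely broken one, the fix suggested by noci (a more specific allow placed above the drop), and a scope fix (drop only traffic bound for non-RFC 1918 addresses), and reports which flows each one permits and how many internal hosts each one accidentally cuts off.

```python
"""First-match firewall policy checker for the VPN-vs-blocked-devices problem.

Added example, not code from the thread. Addresses, subnets and the default
action are constructed assumptions; the firewall is modelled as a stateless
ACL, so a flow is usable only if both the request and the reply leg pass.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Callable, Iterable, Union

# --- constructed topology (assumption, not from the thread) ----------------
LAN = ip_network("192.168.10.0/24")       # office LAN holding the restricted devices
VPN_POOL = ip_network("10.8.0.0/24")      # pool handed out to VPN clients
RESTRICTED = frozenset({ip_address("192.168.10.50"), ip_address("192.168.10.51")})
PRIVATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

Selector = Union[str, IPv4Network, frozenset, Callable[[IPv4Address], bool]]


def matches(selector: Selector, addr: IPv4Address) -> bool:
    """Does `addr` fall inside a rule's src/dst selector?"""
    if isinstance(selector, str):
        return selector == "any"
    if isinstance(selector, frozenset):
        return addr in selector
    if callable(selector):
        return selector(addr)
    return addr in selector          # a single IPv4Network


def is_internet(addr: IPv4Address) -> bool:
    """'Internet' = anything outside RFC 1918 space (assumes no other internal ranges)."""
    return not any(addr in n for n in PRIVATE)


@dataclass(frozen=True)
class Rule:
    name: str
    src: Selector
    dst: Selector
    action: str   # "allow" or "drop"


def evaluate(rules: Iterable[Rule], src, dst) -> str:
    """First matching rule wins, as in iptables/pf/most ACLs. Default is allow
    because the poster says VPN users reach everything that is not blocked (assumption)."""
    src, dst = ip_address(src), ip_address(dst)
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst):
            return f"{r.action}:{r.name}"
    return "allow:default"


def flow_ok(rules, a, b) -> bool:
    """A stateless ACL must pass the request leg (a->b) and the reply leg (b->a)."""
    return evaluate(rules, a, b).startswith("allow") and evaluate(rules, b, a).startswith("allow")


# Rule set 1: the likely current state. "Block these IPs" written as
# src=RESTRICTED dst=any also kills replies toward VPN clients and LAN peers.
BROKEN = [Rule("block-restricted", RESTRICTED, "any", "drop")]

# Fix A: more specific allows placed ABOVE the drop, covering both legs to the VPN pool.
FIXED_ORDER = [
    Rule("vpn-to-restricted", VPN_POOL, RESTRICTED, "allow"),
    Rule("restricted-to-vpn", RESTRICTED, VPN_POOL, "allow"),
    *BROKEN,
]

# Fix B: narrow the scope so only traffic that actually leaves for the Internet is dropped.
FIXED_SCOPE = [Rule("block-restricted-internet", RESTRICTED, is_internet, "drop")]


def audit(rules, vpn_client="10.8.0.7", device="192.168.10.50", internet="203.0.113.10") -> dict:
    """Summarise the three flows that matter for the poster's requirement."""
    return {
        "vpn->device": flow_ok(rules, vpn_client, device),
        "device->internet": flow_ok(rules, device, internet),
        "device->lan_peer": flow_ok(rules, device, "192.168.10.20"),
    }


def overreach(rules, src) -> list:
    """Internal hosts (LAN and VPN pool) that `src` cannot talk to: exposes an overly broad block."""
    src = ip_address(src)
    return [str(h) for net in (LAN, VPN_POOL) for h in net.hosts()
            if h != src and not flow_ok(rules, src, h)]


if __name__ == "__main__":
    for name, rs in (("broken", BROKEN), ("fixed-order", FIXED_ORDER), ("fixed-scope", FIXED_SCOPE)):
        print(f"{name:12} {audit(rs)}  internal hosts cut off from device: {len(overreach(rs, '192.168.10.50'))}")
```

The order fix restores VPN access but still leaves the device unable to reach LAN peers, which is exactly the over-broad scope the second comment asks about; narrowing the destination to non-private space fixes both. On a stateful firewall the reply leg is normally admitted by connection tracking, so the order fix would need only the VPN-to-device allow, but the scope check is worth running either way.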

Author

Commented:
Thanks for the help, and I will have an update soon!

Author

Commented:
Not sure what is going on, but it is something with the IP and not the VPN, as I switched the IP of a PC that works on that system and now it works. Thanks for the help.
