Firewall Configuration
This guide assumes you are already logged into the firewall and that the out-of-box experience has been completed as per the previous articles.
Configuring ACL
The rules below allow cross-network communication between the VPN subnet (10.81.0.0/24) and the LAN subnet (172.16.16.0/24).
- Select ‘Administration’
- Select ‘Device Access’
- Ensure the following variables have been set for ‘Local service ACL’
  - Under ‘WAN’ enable - ‘SSL VPN’ & ‘User Portal’
  - Under ‘VPN’ enable - ‘DNS’ & ‘User Portal’
- Select ‘Apply’
- Select ‘Hosts and Services’
- Select ‘IP Host’
- Select ‘Add’
- Ensure the following have been set
  - Name - ‘OVLAN’
  - IP Version - ‘IPv4’
  - Type - ‘Network’
  - IP Address - ‘172.16.16.0’
  - Subnet - ‘/24’
- Select ‘Save’
- Select ‘Rules & Policies’
- Select ‘Add firewall rule’
- Select ‘New firewall rule’
- Ensure your page has the following information filled out
  - Rule Name - ‘VPN_TO_LAN’
  - Action - ‘Accept’
  - Rule Position - ‘TOP’
  - Rule Group - ‘None’
  - Source Zone - ‘VPN’
  - Source Network - ‘ANY’
  - Destination Zone - ‘LAN’
  - Destination Network - ‘ANY’
  - Services - ‘ANY’
- Select ‘Save’
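The following is an added example, not part of the original guide or the firewall's own tooling: a small Python model of the ‘VPN_TO_LAN’ rule match, comparing the rule as entered above (ANY source and destination networks) with a hypothetical variant scoped to the VPN subnet and the ‘OVLAN’ host object. The `Rule` class, the scoped rule and the sample flows are assumptions constructed for illustration; services and the SSL VPN policy's own permitted resources are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
VPN_POOL = ip_network("10.81.0.0/24")   # VPN subnet from the guide
OVLAN = ip_network("172.16.16.0/24")    # 'OVLAN' IP host from the guide

@dataclass(frozen=True)
class Rule:
    """Simplified zone + network match (hypothetical model, services ignored)."""
    name: str
    src_zone: str
    src_net: object
    dst_zone: str
    dst_net: object

    def accepts(self, src_zone, src_ip, dst_zone, dst_ip):
        return (src_zone == self.src_zone and dst_zone == self.dst_zone
                and ip_address(src_ip) in self.src_net
                and ip_address(dst_ip) in self.dst_net)

# Rule exactly as entered in the guide.
AS_WRITTEN = Rule("VPN_TO_LAN", "VPN", ANY, "LAN", ANY)
# Hypothetical tighter variant (not in the guide), scoped to the two subnets.
SCOPED = Rule("VPN_TO_LAN_SCOPED", "VPN", VPN_POOL, "LAN", OVLAN)

# Constructed flows: (source zone, source IP, destination zone, destination IP)
FLOWS = [
    ("VPN", "10.81.0.10", "LAN", "172.16.16.20"),    # intended traffic
    ("VPN", "10.81.0.10", "LAN", "172.16.17.5"),     # LAN-zone host outside OVLAN
    ("VPN", "192.168.50.4", "LAN", "172.16.16.20"),  # VPN-zone source outside the pool
    ("WAN", "203.0.113.9", "LAN", "172.16.16.20"),   # wrong source zone
]

def extra_exposure(broad, tight, flows):
    """Flows the broad rule accepts that the tight rule would not."""
    return [f for f in flows if broad.accepts(*f) and not tight.accepts(*f)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, AS_WRITTEN.accepts(*flow), SCOPED.accepts(*flow))
    print("only the ANY rule accepts:", extra_exposure(AS_WRITTEN, SCOPED, FLOWS))
```

Running it lists each constructed flow with the verdict of both rules, which makes it easy to review what the ANY/ANY rule admits beyond traffic from 10.81.0.0/24 to 172.16.16.0/24.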
Configuring the SSL VPN
- Select ‘Remote Access VPN’
- Select ‘SSL VPN’
- Select ‘Add’
- Ensure your page has the following information filled out
  - Name - ‘(Identifiable Name)’
  - Use as default gateway - ‘Unticked’
  - Permitted network resources - ‘OVLAN’
- Select ‘Apply’
Creating SSL VPN User
- Select ‘Authentication’
- Select ‘Users’
- Select ‘Add’
- Ensure your page has the following information filled out
  - Username - ‘(Define a username)’
  - Name - ‘(Match username)’
  - User Type - ‘User’
  - Password - ‘(Define a password)’
  - Email address - ‘(Use a valid email address)’
  - Group - ‘Open Group’
  - Set all 4 of the quotas to unlimited / none
  - SSL VPN Policy - ‘No policy applied’
  - Clientless SSL VPN Policy - ‘No policy applied’
- Select ‘Save’