Should VPN access rules be part of the layer 3 outbound area, or layer 3 inbound area?
I have one VPN set up in the MX, along with some other VLANs. Where would I put access/firewall rules concerning the VPN subnet? In the inbound section or outbound? For example, I want the VPN subnet to have access to a file share on vlan2. What about non-VPN inter-VLAN access; would I put these in the inbound or outbound section?
Thanks.
If the traffic comes from or goes to the VPN, the rules need to be configured in the organization-wide VPN rules. VPN traffic is not filtered by L3 firewall rules. For inter-VLAN traffic, they have to be in the outbound section of the L3 rules. Inbound is for traffic from the WAN.
To add to @KarstenI's post, if you're talking about client VPN (rather than site-to-site VPN), you use outbound rules.
Yes, it's client VPN. Thanks for verifying.
