How to block certain public IP addresses from accessing SSL VPN?

Description

Sometimes we want to restrict SSL VPN access for certain IP addresses, but we do not have a list of the IPs that we want to allow. To work around this, we can leave the default SSL VPN access rule in place and create a source-based deny rule that blocks known bad actors or any other IP address we want to block.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

  1. Create an Address object with the desired IP you want to block
  2. Go to Object | Match Objects | Addresses and create a new Address Object
  3. You can add more IP Addresses by creating more Objects and adding them in the same Address object group
  4. Click Add
  5. Create an Access rule to block access to SSL VPN
  6. Go to Policy | Rules and policies | Access rules
  7. Click on Add at the bottom and edit the new access rule as below and click Save to add it
  8. The Deny rule now has a higher priority than the default rule and will block the desired IP addresses from reaching SSL VPN via NetExtender/Mobile Connect or Virtual Office

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

  1. Create an Address object with the desired IP you want to block
  2. Go to Manage | Objects | Address objects and create a new Address Object
  3. You can add more IP Addresses by creating more Objects and adding them in the same Address object group
  4. Click Add
  5. Create an Access rule to block access to SSL VPN
  6. Go to Manage | Rules | Access rules
  7. Edit the new access rule as below and click Add to save it
  8. The Deny rule now has a higher priority than the default rule and will block the desired IP addresses from reaching SSL VPN via NetExtender/Mobile Connect or Virtual Office
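
The rule ordering that both procedures rely on, modeled as an added Python example (not SonicWall code or a SonicOS API): it collapses a block list into one address group, refuses entries that would cover an address marked as protected, and flags a deny rule placed below the any-source allow rule. The rule names, the protected list and the addresses are constructed for illustration, and first-match evaluation in list order is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                                   # "allow" or "deny"
    sources: list = field(default_factory=list)   # empty list means source "Any"

def build_group(entries, protected=()):
    """Parse IPs/CIDRs into a collapsed group; refuse entries covering a protected IP."""
    nets = [ipaddress.ip_network(e.strip(), strict=False) for e in entries]
    for p in protected:
        hit = [str(n) for n in nets if ipaddress.ip_address(p) in n]
        if hit:
            raise ValueError(f"{p} would be blocked by {hit}")
    return list(ipaddress.collapse_addresses(nets))

def evaluate(rules, src):
    """First match wins; rules[0] is the highest-priority rule (model assumption)."""
    ip = ipaddress.ip_address(src)
    for rule in rules:
        if not rule.sources or any(ip in n for n in rule.sources):
            return rule.action, rule.name
    return "deny", "no matching rule"

def shadowed_denies(rules):
    """Deny rules that can never match because an any-source allow sits above them."""
    seen_any_allow, dead = False, []
    for rule in rules:
        if rule.action == "deny" and seen_any_allow:
            dead.append(rule.name)
        if rule.action == "allow" and not rule.sources:
            seen_any_allow = True
    return dead

# Constructed sample data (documentation address ranges, not real indicators).
BLOCKLIST = ["203.0.113.7", "203.0.113.0/25", "198.51.100.23"]
GROUP = build_group(BLOCKLIST, protected=["192.0.2.10"])
DENY = Rule("Block SSL VPN sources", "deny", GROUP)      # hypothetical rule name
DEFAULT = Rule("Default SSL VPN allow", "allow")         # hypothetical rule name

if __name__ == "__main__":
    for order in ([DENY, DEFAULT], [DEFAULT, DENY]):
        print([r.name for r in order], evaluate(order, "203.0.113.50"),
              "shadowed:", shadowed_denies(order))
```

With the deny rule first, 203.0.113.50 is denied; with the order reversed, the same source is allowed and the deny rule is reported as shadowed.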
