Author Topic: [SOLVED] IPSec Firewall Policy Security (Read 1186 times)

pbolduc · « **on:** February 02, 2017, 04:45:53 pm »

Hi there,

On a previous hardware firewall I was able to control the type of service groups (ports) that pass through my IPsec tunnels. I noticed with OPNsense that am unable to customize the firewall service groups (ports) allowed through the IPsec VPN tunnels. I am aware that I can use custom subnetting to allow access to a certain block of computers through the VPN but I would also like to define the service ports via a firewall group to apply to certain IPsec traffic. Does anyone know if this feature will be available at some point?

franco · « **Reply #1 on:** February 02, 2017, 05:04:33 pm »

Hi,

Under Firewall: Aliases you can add Port "Groups", which you can assign from the Firewall Rules (so also for IPsec).

Cheers,
Franco

pbolduc · « **Reply #2 on:** February 02, 2017, 05:57:21 pm »

I should have included screenshots. Sorry to be a pest I am obviously misunderstanding the firewall policy terminology. I've attached two screenshots indicating what I mean and a third screenshot showing my pre-configured Firewall Ports group.

franco · « **Reply #3 on:** February 02, 2017, 06:22:25 pm »

No worries, this is easy: for ports to be specified you need to select protocol TCP, UDP or both.

Cheers,
Franco

pbolduc · « **Reply #4 on:** February 02, 2017, 06:39:03 pm »

Thank you so much! I forgot to toggle my Protocol setting from "Any" to "TCP/UDP".

Author Topic: [SOLVED] IPSec Firewall Policy Security (Read 1186 times)

pbolduc

[SOLVED] IPSec Firewall Policy Security

franco

Re: IPSec Firewall Policy Security

pbolduc

Re: IPSec Firewall Policy Security

franco

Re: IPSec Firewall Policy Security

pbolduc

Re: IPSec Firewall Policy Security