OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: pbolduc on February 02, 2017, 04:45:53 pm

Title: [SOLVED] IPSec Firewall Policy Security
Post by: pbolduc on February 02, 2017, 04:45:53 pm
Hi there,

On a previous hardware firewall I was able to control the type of service groups (ports) that pass through my IPsec tunnels. I noticed with OPNsense that I am unable to customize the firewall service groups (ports) allowed through the IPsec VPN tunnels. I am aware that I can use custom subnetting to allow access to a certain block of computers through the VPN, but I would also like to define the service ports via a firewall group to apply to certain IPsec traffic. Does anyone know if this feature will be available at some point?
Title: Re: IPSec Firewall Policy Security
Post by: franco on February 02, 2017, 05:04:33 pm
Hi,

Under Firewall: Aliases you can add Port "Groups", which you can assign from the Firewall Rules (so also for IPsec).


Cheers,
Franco
Title: Re: IPSec Firewall Policy Security
Post by: pbolduc on February 02, 2017, 05:57:21 pm
I should have included screenshots. Sorry to be a pest; I am obviously misunderstanding the firewall policy terminology. I've attached two screenshots indicating what I mean and a third screenshot showing my pre-configured Firewall Ports group.
Title: Re: IPSec Firewall Policy Security
Post by: franco on February 02, 2017, 06:22:25 pm
No worries, this is easy: for ports to be specified you need to select protocol TCP, UDP or both.


Cheers,
Franco
Title: Re: IPSec Firewall Policy Security
Post by: pbolduc on February 02, 2017, 06:39:03 pm
Thank you so much! I forgot to toggle my Protocol setting from "Any" to "TCP/UDP".