OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: pongafence on August 15, 2017, 01:22:24 am

Title: [SOLVED] Where to Apply Firewall Rules for Site-to-Site IPSEC traffic
Post by: pongafence on August 15, 2017, 01:22:24 am
So as the title says, where should I be applying the Site-to-Site IPSEC Firewall rules?  Should I be assigning them to the "IPSEC" interface that gets created?  Or to the WAN interface?

Title: Re: Where to Apply Firewall Rules for Site-to-Site IPSEC traffic
Post by: franco on August 15, 2017, 11:19:17 am
IPSEC tab, but these policies are only for *incoming* IPsec traffic. All outgoing traffic is filtered by the other interface tabs, or the floating rules if you need a single rule for more than one interface. In the floating rules, you can also filter by "outgoing" traffic.

Cheers,
Franco

Title: Re: Where to Apply Firewall Rules for Site-to-Site IPSEC traffic
Post by: pongafence on August 15, 2017, 11:33:43 am
Awesome!  Thanks for clearing that up.  After reviewing my firewall logs, it became quite obvious.  However, still need to figure out why it's not forwarding routes.

You can now mark this as SOLVED, thanks!

Title: Re: [SOLVED] Where to Apply Firewall Rules for Site-to-Site IPSEC traffic
Post by: franco on August 15, 2017, 11:47:34 am
Yay, done. :)