[SOLVED] Where to Apply Firewall Rules for Site-to-Site IPSEC traffic

pongafence · August 15, 2017, 01:22:24 AM

So as the title says, where should I be applying the Site-to-Site IPSEC Firewall rules? Should I be assigning them to the "IPSEC" interface that gets created? Or to the WAN interface?

franco · August 15, 2017, 11:19:17 AM

IPSEC tab, but these policies are only for *incoming* IPsec traffic. All outgoing traffic is filtered by the other interface tabs, or the floating rules if you need a single rule for more than one interface. In the floating rules, you can also filter by "outgoing" traffic.

Cheers,
Franco

pongafence · August 15, 2017, 11:33:43 AM

Awesome! Thanks for clearing that up. After reviewing my firewall logs, it became quite obvious. However still need to figure out why it's not forwarding routes.

You can now mark this as SOLVED thanks!

franco · August 15, 2017, 11:47:34 AM

Yay, done. :)

[SOLVED] Where to Apply Firewall Rules for Site-to-Site IPSEC traffic

pongafence

August 15, 2017, 01:22:24 AM Last Edit: August 15, 2017, 11:47:14 AM by franco

franco

August 15, 2017, 11:19:17 AM #1

pongafence

August 15, 2017, 11:33:43 AM #2

franco

August 15, 2017, 11:47:34 AM #3