Can I limit type of traffic over VPN (HTTP/S)

2023-11-24 05:42:38 - last edited 2023-11-30 06:53:00
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

Is it possible to limit the types of traffic/ports that can traverse a site-to-site VPN?  My main aim is to limit the possibility of a network vulnerability traversing between sites.  I think all my clients need from other sites is HTTP/HTTPS based but is it possible to restrict VPN traffic to HTTP/HTTPS?

1 Accepted Solution
Re: Can I limit type of traffic over VPN (HTTP/S)
2023-11-27 02:10:21 - last edited 2023-11-30 06:53:00

Hi @PaulSloman 

Thanks for posting in our business forum.

ACL should apply to the IPsec subnets as well. Since this is an IP-Port-based ACL, try the SW ACL first. GW ACL currently does not support the IP-Port-based rule. This will be added in future firmware updates.

 

(SW ACL requires an Omada compatible switch).

Best Regards!
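The IP-port-based rule set discussed in this thread, modelled as an added example (not part of the original posts and not Omada configuration syntax). The two subnets are constructed, and the model assumes top-down, first-match evaluation and a stateless switch ACL, which is why reply traffic gets its own rule.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): LOCAL is this site's LAN, REMOTE is the
# subnet reached through the site-to-site IPsec tunnel.
LOCAL = ip_network("192.168.10.0/24")
REMOTE = ip_network("192.168.20.0/24")
ANY = ip_network("0.0.0.0/0")
WEB = {80, 443}

# (action, proto, src net, src ports, dst net, dst ports); None matches anything.
# Assumed model: rules are checked in order and the first match decides.
RULES = [
    ("permit", "tcp", LOCAL, None, REMOTE, WEB),   # local clients -> remote web
    ("permit", "tcp", REMOTE, WEB, LOCAL, None),   # replies; matches on source port only
    ("deny", None, LOCAL, None, REMOTE, None),     # everything else towards the tunnel
    ("deny", None, REMOTE, None, LOCAL, None),     # everything else from the tunnel
    ("permit", None, ANY, None, ANY, None),        # traffic not crossing the VPN
]

def decide(proto, src, sport, dst, dport):
    """Return 'permit' or 'deny' for one packet under RULES."""
    s, d = ip_address(src), ip_address(dst)
    for action, r_proto, r_src, r_sports, r_dst, r_dports in RULES:
        if (r_proto in (None, proto) and s in r_src and d in r_dst
                and (r_sports is None or sport in r_sports)
                and (r_dports is None or dport in r_dports)):
            return action
    return "deny"  # implicit deny if nothing matched

# Constructed sample packets: (label, proto, src, sport, dst, dport)
FLOWS = [
    ("HTTPS to remote site", "tcp", "192.168.10.5", 51000, "192.168.20.8", 443),
    ("HTTPS reply", "tcp", "192.168.20.8", 443, "192.168.10.5", 51000),
    ("SMB to remote site", "tcp", "192.168.10.5", 51001, "192.168.20.8", 445),
    ("RDP from remote site", "tcp", "192.168.20.9", 50000, "192.168.10.5", 3389),
    ("DNS over VPN", "udp", "192.168.10.5", 5353, "192.168.20.8", 53),
    ("SMB inside local LAN", "tcp", "192.168.10.5", 51002, "192.168.10.9", 445),
]

def audit():
    """Evaluate every sample flow and return (label, decision) pairs."""
    return [(f[0], decide(*f[1:])) for f in FLOWS]

if __name__ == "__main__":
    for label, verdict in audit():
        print(f"{verdict:6}  {label}")
```

Name-based access to the remote web servers would additionally need a rule for DNS if the resolver sits on the other side of the tunnel; the model denies it as written.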
