Network Access Control


Block public internet if no VPN connection is started

  • 1.  Block public internet if no VPN connection is started

    Posted Sep 11, 2010 07:05 AM

    Hi,

    I am kind of in the dark with this; here is what I would like to achieve:

    We have SEP 11 rolled out to all clients. Some clients have a Juniper VPN client installed for access via the public internet with an RSA token. I want to create a rule in the firewall that blocks Ethernet protocols unless the client is started, and then the Ethernet device will receive an IP address and be able to use the public net to create the tunnel.

    So basically I want the Ethernet device (LAN/WiFi) to be blocked until the VPN client is started, and then they can use it via the VPN tunnel.

    Anyone out there who has the same issue or knows how to do this?

    I have tried almost everything, but either I get no connection at all or everything is wide open, and I don't want to make rules for thousands of sites and protocols.

    Any help would be extremely appreciated!

     

    Cock Toha



  • 2.  RE: Block public internet if no VPN connection is started

    Posted Sep 17, 2010 04:29 PM

    Use location awareness and FW rules...something like below...use other triggers if you like.

    Location        Switching triggers
    Un-trusted      Default location – no switching triggers specified.
    Corp Ethernet   NOT connected to Wireless AND IP within range AND DNS server IP match
    Corp Wireless   NOT connected to Ethernet AND IP within range AND DNS server IP match
    VPN             Connected to XYZ VPN AND DNS server IP match
    Dual-Homed      NOT connected to XYZ VPN AND connected to Ethernet AND connected to Wireless
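
    The location-switching logic in the table above, written out as an added example (this is illustrative Python, not SEP's own code or anything Josh posted). It evaluates the same five locations against a host's network state and maps each location to a firewall posture. The corporate IP range (10.0.0.0/8), the corporate DNS server addresses, the top-down "first match wins" evaluation order, and the allow/block posture per location are all assumptions for the example; the actual firewall rules attached to each location are whatever the administrator defines.

```python
"""Location-awareness evaluator modelled on the trigger table in the post above.

Assumptions (not from the original post):
  - corporate address space is 10.0.0.0/8
  - corporate DNS servers are 10.0.0.53 and 10.0.1.53
  - locations are evaluated top-down, first match wins, Un-trusted is the fallback
  - per-location posture is a single "allow" / "block" label
"""
from dataclasses import dataclass
import ipaddress

CORP_RANGE = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range
CORP_DNS = {"10.0.0.53", "10.0.1.53"}              # assumed corporate DNS servers


@dataclass(frozen=True)
class HostState:
    """Snapshot of what the endpoint agent can observe about its connectivity."""
    ethernet_up: bool          # "connected to Ethernet"
    wireless_up: bool          # "connected to Wireless"
    vpn_up: bool               # "connected to XYZ VPN" (VPN adapter has a link)
    ip: str                    # primary IPv4 address
    dns_servers: tuple = ()    # configured DNS server addresses


def ip_within_range(state: HostState) -> bool:
    """'IP within range' trigger: primary address falls in the corporate range."""
    return ipaddress.ip_address(state.ip) in CORP_RANGE


def dns_server_match(state: HostState) -> bool:
    """'DNS server IP match' trigger: at least one configured resolver is corporate."""
    return bool(CORP_DNS.intersection(state.dns_servers))


# Each entry is (location name, trigger). Triggers mirror the table row by row;
# all conditions in a row are ANDed, as in the post.
LOCATIONS = [
    ("Dual-Homed",
     lambda s: not s.vpn_up and s.ethernet_up and s.wireless_up),
    ("Corp Ethernet",
     lambda s: not s.wireless_up and ip_within_range(s) and dns_server_match(s)),
    ("Corp Wireless",
     lambda s: not s.ethernet_up and ip_within_range(s) and dns_server_match(s)),
    ("VPN",
     lambda s: s.vpn_up and dns_server_match(s)),
]
DEFAULT_LOCATION = "Un-trusted"   # no triggers: applies when nothing else matches

# Assumed posture per location; the real per-location rule set is the admin's choice.
POSTURE = {
    "Un-trusted": "block",
    "Dual-Homed": "block",
    "Corp Ethernet": "allow",
    "Corp Wireless": "allow",
    "VPN": "allow",
}


def select_location(state: HostState) -> str:
    """Return the first location whose triggers all hold, else the default."""
    for name, trigger in LOCATIONS:
        if trigger(state):
            return name
    return DEFAULT_LOCATION


def firewall_posture(state: HostState) -> str:
    """Posture the endpoint firewall should apply for the selected location."""
    return POSTURE[select_location(state)]


if __name__ == "__main__":
    # Constructed sample states, not captured from any real host.
    samples = {
        "home, no VPN":    HostState(True, False, False, "192.168.1.20", ("192.168.1.1",)),
        "home, VPN up":    HostState(True, False, True, "192.168.1.20", ("10.0.0.53", "192.168.1.1")),
        "office wired":    HostState(True, False, False, "10.20.1.5", ("10.0.0.53",)),
        "office wifi":     HostState(False, True, False, "10.30.1.5", ("10.0.1.53",)),
        "wired + wifi":    HostState(True, True, False, "10.20.1.5", ("10.0.0.53",)),
        "corp IP, bad DNS": HostState(True, False, False, "10.20.1.5", ("192.168.1.1",)),
    }
    for label, state in samples.items():
        print(f"{label:18} -> {select_location(state):14} ({firewall_posture(state)})")
```

    The last sample is the reason the table ANDs "IP within range" with "DNS server IP match": a host that happens to land on a 10.x address on a foreign network still falls through to Un-trusted because its resolvers are not corporate. Note also that Dual-Homed sits before the Corp locations here; with first-match evaluation, the order of rows decides which location wins when more than one row's triggers hold.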



  • 3.  RE: Block public internet if no VPN connection is started

    Posted Oct 22, 2010 07:00 AM

    Hello,

    Great table Josh!


    Regards,

    Oykun