Firewall Policy for VPN users
Hi I need help understanding some things about the firewall and polices.
I am using SEP 12.1
I have setup several locations:
The one that is not working the way I want it to is VPN.
If our users are on VPN, they are already connected to an "Untrsuted" network. When my test computer connects to VPN, the location switches just fine, however I am trying to fine tune access.
What I want to do is allow ALL and ANY traffic coming FROM the VPN and going TO the VPN
But then deny everything else.
In example, we have Joe User in a coffee shop, Joe gets on the corporate VPN. I want to be able to RDP or use Dameware to get into Joes computer, however, if Jack Hacker is in the coffee shop, and decides he wants to connect to dameware, it will let him connect (granted, we still have the PW layer of security, but the would be attacker has already gotten part of what he wants, a TCP connection to my system)
Now, I thought I had this working the way I want by making firewall statements specific to the interface ( I was able to allow pings from VPN to the remote host, but computers on the public network, NOT on VPN could not ping) You see what I am getting at?
To put it even more simply, I would want the "Allow all applications" rule to apply ONLY to the VPN tunnel (Yes, I created an interface under my policy for the Anyconnect VPN adaptor, and I got the correct Identifier)
and, then the Deny all for the rest of the adaptors...but when I do that, it breaks the SSL VPN (most likely cause its now being denied, as the protocol probably flows from the physical adapter then to the tunnel adapter)
Been screwing with this all day, and I am hoping someone will be willing to help me think this through... I can get you excel files with my rules etc)