Add IP Ranges as 'Trusted' (from BOVPN)


Wasn't sure where to add this in as it's technically BOVPN but mainly applying to the networking side of our main firewall.

Is there a way to add additional IP ranges as trusted?

We currently have a few VLANs setup at our BOVPN side and a full route back to our main firewall. As the BOVPN rules are auto created as 'any' the IP ranges route through the full tunnel and by that are then allowed 'external' to the internet through this rule. By default we work on a only allow whats in the policy list.

What seems to work fine at the minute for one of the VLANs is create a deny to any external just above the BOVPN policy and then add the networks into any of the allow rules we need - This is fine for our guest network as we have a couple of specific policies for those already at our main site.

For our domain machines we have a VLAN created at the BOVPN site but as this is trusted i'd simply like to add it in at the main site as trusted and not have to go down the long list of policies and add the range/alias into any rule that already has 'any-trusted' in the policy.



  • Options

    "Trusted" is only for local firewall interfaces & VLANs, not for remote ones.
    No way to do what you want.

    Not that this reduces your work load, but you could create an Alias which includes Any-trusted and the remote VLAN subnet, and use that in policies instead of Any-trusted.

Sign In to comment.