Limit remote IKEv2 Mobile VPN connections with Geolocation
Is there a way to limit the connections for IKEv2 Mobile clients from the WAN?
I configure the limitation for SSLVPN connections with the 'WatchGuard SSLVPN' policy to allow only some countries that employees are allowed to travel to. But is there also a solution for the IKEv2 mobile connections? I can't find the built-in IPSec policy to do this.
Or do I need to Disable the Built-in IPSec Policy option in the Global VPN Settings and create a new policy to allow IPSec to the Firebox with some limitations?
Comments
Hi @Woodenshoe
To modify the inbound IPSec rule you'll need to turn off the firewall's built-in one and make your own.
See:
(Configure Inbound IPSec Pass-through with SNAT)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/ipsec_pass-through_c.html
If you're not sending IPSEC traffic elsewhere, you only need to make the second rule, "IPSec_to_Firebox" in that example. The IPSec_to_Firebox rule is where you'd apply geolocation or any other policies that you want.
-James Carson
WatchGuard Customer Support