Network Connect Access Control - inbound ACL

Super Contributor

So I am setting up something in my lab and ran into an issue that I can't find a solution for.

1. I want to do a full tunnel and allow the users who log in to access specific servers.

2. I want all internal (on my company's network) computers to be able to connect to the Network Connected computers, but the Network Connected computers should not be able to initiate a connection to all of my internal (on my company's network) computers except the ones I specified in step 1.

If I set up the ACL policy like

10.x.x.x:81
10.x.x.x:8443
etc.

this does part of the problem. But where do I allow the inbound traffic? All the inbound traffic from the internal network to the Network Connected computers is blocked by the IVE. I know this because there is no firewall in this lab setup between my internal network and the Network Connected IP addresses.

The only way I can allow internal computers to talk to the Network Connected computers is by adding the specific IP address of the internal computer and specifying 10.1.2.3:*, or by using *.* as the policy.

2 REPLIES
Respected Contributor

Re: Network Connect Access Control - inbound ACL

You need to allow all ports from the servers. The ACL is for both inbound & outbound connections; inbound requires * as you can't control the inbound port.
Regular Contributor

Re: Network Connect Access Control - inbound ACL

NC ACL functionality will not be able to achieve what you need. You will need an external firewall for such ACL control.


http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB20394
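To make the two replies concrete, here is a small Python model (added here, not from the thread or from Pulse Secure) of a direction-agnostic ACL as the first reply describes it: a rule names an internal-network endpoint (IP and port) and is matched against that endpoint whichever side opened the connection. It also shows the direction-aware rule an external firewall can express, which is the second reply's point. The addresses, ports and the matching semantics are my assumptions for illustration.

```python
"""Model of a direction-agnostic Network Connect style ACL (assumed semantics).

Assumption: a rule 'ip-or-cidr:port' (port may be '*') names an internal-network
endpoint, and a flow is allowed if its internal-side endpoint matches a rule,
regardless of which side initiated. All addresses/ports are constructed samples.
"""
from ipaddress import ip_address, ip_network


def parse_rule(rule):
    """Parse '10.1.2.3:81', '10.1.0.0/16:*' or '*:*' into (network, port-or-None)."""
    host, _, port = rule.rpartition(":")
    net = ip_network("0.0.0.0/0") if host == "*" else ip_network(host, strict=False)
    return net, None if port == "*" else int(port)


def build_acl(rules):
    return [parse_rule(r) for r in rules]


def is_allowed(acl, internal_ip, internal_port):
    """True if the internal-side endpoint matches any rule (port None = any port)."""
    addr = ip_address(internal_ip)
    return any(addr in net and (port is None or port == internal_port)
               for net, port in acl)


def outbound_allowed(acl, server_ip, server_port):
    """NC client initiates to an internal server: internal endpoint is server:port."""
    return is_allowed(acl, server_ip, server_port)


def inbound_allowed(acl, internal_client_ip, ephemeral_port):
    """Internal host initiates to the NC client: the internal endpoint carries an
    ephemeral source port the ACL author cannot predict, so only '*' matches."""
    return is_allowed(acl, internal_client_ip, ephemeral_port)


def firewall_allowed(direction, internal_ip, internal_port, server_acl):
    """Direction-aware policy an external (stateful) firewall can express and the
    ACL model above cannot: any new inbound flow from the internal network to the
    NC pool is allowed; new outbound flows must still match the server list."""
    if direction == "inbound":
        return True
    return is_allowed(server_acl, internal_ip, internal_port)


def demo():
    port_specific = build_acl(["10.1.2.3:81", "10.1.2.3:8443"])
    all_ports = build_acl(["10.1.2.3:*"])
    return {
        "out_81_specific": outbound_allowed(port_specific, "10.1.2.3", 81),
        "in_ephemeral_specific": inbound_allowed(port_specific, "10.1.2.3", 51234),
        "in_ephemeral_star": inbound_allowed(all_ports, "10.1.2.3", 51234),
        "fw_in_new": firewall_allowed("inbound", "10.1.2.9", 51234, port_specific),
        "fw_out_other": firewall_allowed("outbound", "10.1.2.9", 81, port_specific),
    }
```

The port-specific rules let the tunnel client reach 10.1.2.3:81 but deny the internal host's connection to the client because its source port is ephemeral; the only ACL that admits it is the `:*` form, which also opens every port outbound, whereas the direction-aware firewall rule admits inbound without widening outbound.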