Blocking VPN Connections

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Is there a way to block all/any types of VPN connections in select SSID's, or be able to block VPN connections all together.
Photo of James

James

  • 9 Posts
  • 0 Reply Likes
  • worried

Posted 4 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
As the Aerohive solution supports role based access control you would block the VPN protocols using the layer seven firewall per user profile.  If you have a Guest SSID, for example, that matches all users to a Guest user profile you would configure the IP Policies in the Guest user profile to deny all VPN protocols. 

In the Guest user profile expand the "Firewalls" area and click on the "+" button to the right of the "From-Access" field in the "IP Firewall Policy" area:



In the IP policy just select add a new rule and select "Application Services" from the drop down menu in the "Service" column.  When the "Select Applications" window appears select the "Group" option and enter "vpn" to list all the VPN protocols.



Select all the applications in the "VPN & Tunneling" group and click on the "OK" button.and then select "Deny" as the firewall rule action:


(Edited)