VPN config: exclude P2P (torrent) from VPN

I am trying to set up a VPN on a glinomet mt 6000 using the out-of-the-box rule “all except specified IP list”, but it looks like there is no way to add a port pool or a protocol rule like FTP. Any ideas?

P2P is not blocked in my country, so there is no reason to encrypt 3.1 petabytes per year and send it to another country, then back.

Hi

Currently, VPN policies only support configuration based on IP addresses or domain names; specifying ports or protocols is not supported.


However, you can manually adjust the firewall settings to allow certain ports or protocols to bypass the VPN. For example, if you don’t want ICMP traffic to 8.8.8.8 to go through the VPN (note that you should adjust the chain/port/protocol based on your setup):

iptables -t mangle -I TUNNEL10_ROUTE_POLICY -m mark --mark 0x0/0xf000 -p icmp -d 8.8.8.8 -j RETURN

You can then place the firewall rules in an appropriate location within /usr/bin/rtp2.sh to automate the configuration.


We’ll also discuss this with the product team to see if it can be supported in the GL UI in the future.
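
The same kind of bypass rule extended to a TCP/UDP port range, as an added example that is not part of the reply above and is not GL.iNet code. The chain name and mark match are copied from the reply; the port range 6881:6889 and the helper names (`valid_port`, `bypass_rule`, `apply_bypass`) are constructed for illustration, and the `-C` check assumes the automation script may run more than once.

```shell
#!/bin/sh
# Added example, not GL.iNet code. CHAIN and MARK are copied from the reply
# above; the port range used at the bottom is a constructed sample.
CHAIN="TUNNEL10_ROUTE_POLICY"
MARK="0x0/0xf000"

# valid_port N -> succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# bypass_rule PROTO [DIR PORTS] -> prints the rule spec (without -I/-C)
#   PROTO: tcp|udp|icmp   DIR: dport|sport (tcp/udp only)   PORTS: N or N:M
bypass_rule() {
    proto=$1 dir=${2:-} ports=${3:-}
    case "$proto" in tcp|udp|icmp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    spec="$CHAIN -m mark --mark $MARK -p $proto"
    if [ -n "$dir" ]; then
        [ "$proto" != icmp ] || { echo "icmp has no ports" >&2; return 1; }
        case "$dir" in dport|sport) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
        lo=${ports%%:*} hi=${ports##*:}
        valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] ||
            { echo "bad port range: $ports" >&2; return 1; }
        spec="$spec --$dir $ports"
    fi
    echo "$spec -j RETURN"
}

# apply_bypass PROTO [DIR PORTS] -> inserts the rule only if it is not there yet
apply_bypass() {
    spec=$(bypass_rule "$@") || return 1
    # -C exits 0 when an identical rule exists; $spec is split on purpose
    iptables -t mangle -C $spec 2>/dev/null || iptables -t mangle -I $spec
}

# With "apply" (as root on the router) install the rules; otherwise print them.
if [ "${1:-}" = "apply" ]; then
    apply_bypass udp dport 6881:6889
    apply_bypass tcp dport 6881:6889
else
    bypass_rule udp dport 6881:6889
    bypass_rule tcp dport 6881:6889
fi
```

Traffic matched by these rules leaves through the WAN unencrypted, and a port match only catches connections that actually use those ports, so check the result with `iptables -t mangle -L TUNNEL10_ROUTE_POLICY -n -v` and watch the packet counters.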