I have a site-to-site VPN running across two Sonic endpoints (unfortunately with dynamic IP due to fiber) and while it's configured securely, I wanted to further lock it down by restricting traffic at the firewall level by dropping traffic that doesn't originate from a Sonic IP address. Is the list here enough or would I be missing anything? https://bgp.he.net/AS7065#_prefixes
That's everything from our ASN, so that should be all the potential live IPs we have today. But you could probably limit to the subnet each end-point is in today, and be even more secure, then update if/when that subnet changes.
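The approach in the reply above, as an added example that is not part of the original thread: allow only the subnet the peer is in today, and when its dynamic address changes, pick the new subnet from the ASN's announced prefixes instead of widening the rule. The prefixes are constructed documentation ranges, the function names are hypothetical, and treating the most specific announced prefix as "the subnet the endpoint is in" is an assumption.

```python
import ipaddress

# Constructed sample: documentation ranges standing in for the provider's
# announced prefixes. The real list is the one linked in the question.
SAMPLE_PREFIXES = """
192.0.2.0/24
198.51.100.0/24
198.51.100.128/25   # more-specific announcement inside the /24
203.0.113.0/24
2001:db8::/32
"""

def parse_prefixes(text):
    """Parse one prefix per line, ignoring blank lines and # comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry))
    return nets

def covering_prefix(peer_ip, prefixes):
    """Return the most specific announced prefix containing peer_ip, or None."""
    addr = ipaddress.ip_address(peer_ip)
    hits = [n for n in prefixes if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def review_allowlist(peer_ip, allowed, prefixes):
    """Compare the peer's current address with the subnet the firewall allows.

    Returns (status, subnet):
      "ok"               - peer is still inside the allowed subnet
      "update"           - peer moved; subnet is the new prefix to allow
      "outside-provider" - peer is in no announced prefix; do not widen the rule
    """
    addr = ipaddress.ip_address(peer_ip)
    allowed_net = ipaddress.ip_network(allowed)
    if addr.version == allowed_net.version and addr in allowed_net:
        return ("ok", allowed_net)
    new_net = covering_prefix(peer_ip, prefixes)
    if new_net is None:
        return ("outside-provider", None)
    return ("update", new_net)

if __name__ == "__main__":
    prefixes = parse_prefixes(SAMPLE_PREFIXES)
    for ip in ("198.51.100.20", "198.51.100.200", "203.0.113.9", "10.1.2.3"):
        print(ip, review_allowlist(ip, "198.51.100.0/24", prefixes))
```

An "outside-provider" result means the peer address is not in the provider's list at all, so it should be investigated rather than added to the allow rule.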