I have a site-to-site VPN running across two Sonic endpoints (unfortunately with dynamic IP due to fiber), and while it's configured securely, I wanted to further lock it down by restricting traffic at the firewall level by dropping traffic that doesn't originate from a Sonic IP address. Is the list here enough or would I be missing anything? https://bgp.he.net/AS7065#_prefixes
That's everything from our ASN, so that should be all the potential live IPs we have today. But you could probably limit to the subnet each end-point is in today, and be even more secure, then update if/when that subnet changes.
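The narrowing suggested in the reply above, as an added example that is not part of the thread and not Sonic's own tooling: it collapses an announced-prefix list into a short allowlist, pins the peer to the most specific prefix it sits in, and flags when a dynamic address has moved out of that pin. The prefixes are constructed documentation ranges, not the real AS7065 list, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges) standing in
# for the prefixes an ASN announces. These are NOT real Sonic prefixes.
ANNOUNCED = ["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25",
             "203.0.113.64/26", "2001:db8:10::/48"]

def collapse(prefixes):
    """Merge adjacent/overlapping prefixes, per address family, into a shorter allowlist."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    out = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def narrowest_covering(ip, prefixes):
    """Return the most specific announced prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in (ipaddress.ip_network(p) for p in prefixes)
            if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def check_peer(ip, pinned, prefixes):
    """Classify the peer's current address against the pinned subnet and the ASN list."""
    addr = ipaddress.ip_address(ip)
    pinned_net = ipaddress.ip_network(pinned)
    if addr.version == pinned_net.version and addr in pinned_net:
        return "ok", pinned_net
    moved_to = narrowest_covering(ip, prefixes)
    if moved_to is not None:
        return "update-pin", moved_to  # still inside the ASN, but the subnet changed
    return "reject", None              # outside every announced prefix

if __name__ == "__main__":
    print("ASN-wide allowlist:", [str(n) for n in collapse(ANNOUNCED)])
    for peer in ("203.0.113.70", "198.51.100.9", "192.0.2.1"):
        print(peer, check_peer(peer, "203.0.113.64/26", ANNOUNCED))
```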