Trust the router. You should be able to create a rule where the source is 192.168.x.x on the local subnet.
Are these home users?
Both 10.x and 192.168.x.x are RFC1918 space and are not Internet routable. The firewall does not know the difference, especially if you are performing NAT translation.
The 10.x VPN connection rides on top of whatever network you have.
Perhaps I should clarify:
The network we are connecting to through VPN is our corp's 10. network. So, we want to make sure that the firewall only allows the 10. traffic, not anything else.
The problem with just trusting the home router's IP traffic (192....) during a VPN connection is that not only will we be trusting the 10. traffic (which I want), but we would also be trusting non-10. traffic (which I don't want).
The trusted rule definition has a LOT of improvements in HIPS 7.0. Basically you get to pick and choose from all of the IP info that you would get in an IPCONFIG /ALL. So you can set up things that say 'if the range is xxx and the gateway is yyy and the dhcp server is zzz'.
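As an added example (not code from this thread or from HIPS itself), here is a small Python model of the rule style the last reply describes: a trusted range that is only active while an adapter matching the pinned gateway (and, optionally, DHCP server) is present. The adapter and address values are constructed; the loose 192.168 rule and the gateway-pinned 10/8 rule are shown side by side to illustrate why the second one trusts only the VPN traffic.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Iterable, Optional

@dataclass(frozen=True)
class Adapter:
    """One interface as it would appear in IPCONFIG /ALL (constructed sample data)."""
    name: str
    network: IPv4Network          # adapter address + subnet mask
    gateway: Optional[IPv4Address] = None
    dhcp_server: Optional[IPv4Address] = None

@dataclass(frozen=True)
class TrustRule:
    """Trusted-network rule as the last reply describes it: a range to trust,
    optionally pinned to a gateway and a DHCP server.
    None means 'do not check this attribute'."""
    network: IPv4Network
    gateway: Optional[IPv4Address] = None
    dhcp_server: Optional[IPv4Address] = None

    def is_active(self, adapters: Iterable[Adapter]) -> bool:
        """The rule is active only while some adapter satisfies every pinned attribute."""
        for a in adapters:
            if not a.network.subnet_of(self.network):
                continue
            if self.gateway is not None and a.gateway != self.gateway:
                continue
            if self.dhcp_server is not None and a.dhcp_server != self.dhcp_server:
                continue
            return True
        return False

def is_trusted_source(src: str, rules, adapters) -> bool:
    """A source address is trusted when it falls inside the range of an active rule."""
    ip = IPv4Address(src)
    return any(r.is_active(adapters) and ip in r.network for r in rules)

# Constructed sample adapters: the home LAN and the corp VPN tunnel.
HOME_LAN = Adapter("Home LAN", IPv4Network("192.168.1.0/24"),
                   IPv4Address("192.168.1.1"), IPv4Address("192.168.1.1"))
CORP_VPN = Adapter("Corp VPN", IPv4Network("10.10.5.0/24"),
                   IPv4Address("10.10.5.1"), IPv4Address("10.10.0.2"))

# Loose rule from the first reply: trust the home subnet, no other checks.
HOME_RULE = TrustRule(IPv4Network("192.168.0.0/16"))
# Rule the original poster wants: 10/8, but only while the VPN adapter's gateway is present.
VPN_RULE = TrustRule(IPv4Network("10.0.0.0/8"), gateway=IPv4Address("10.10.5.1"))
```

With the VPN adapter absent from the adapter list, `VPN_RULE` is inactive and no 10.x source is trusted, which is the behaviour the original poster is after.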