How can I configure Linux Server Firewall for Cisco AnyConnect?

Summary

Instructions for configuring a Linux server's firewall rules to allow connections via Cisco AnyConnect.

Body

This document provides instructions for configuring the firewall rules of an RPM-based Linux distribution (using firewalld) so that connections arriving via Cisco AnyConnect are allowed. For the equivalent procedure on Debian-based systems such as Ubuntu, which use Uncomplicated Firewall (UFW), see https://documentation.ubuntu.com/server/how-to/security/firewalls/

You should already have an internal firewall zone that restricts access to services (ssh is the most relevant example of a service that should only be reachable from internal sources) to hosts on your own VLAN. This zone is already present on all Technology Solutions-managed systems, but if you manage your own system and have not already done this, create a new firewall zone called 'internal' like this:

sudo firewall-cmd --new-zone=internal --permanent

Then run the following command to restrict the zone's source traffic to your own VLAN:

sudo firewall-cmd --add-source=10.0.0.0/8 --zone=internal --permanent

Once your internal zone is set up, add the UIC VPN IP address range as a second source:

sudo firewall-cmd --add-source=172.22.0.0/22 --zone=internal --permanent

Finally, reload the firewall configuration so that the new permanent rules take effect:

sudo firewall-cmd --reload
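The steps above, collected into one script as an added example (this is not part of the original article or a Technology Solutions tool). It assumes firewalld's firewall-cmd on an RPM-based host and takes the VLAN and VPN ranges from the article as defaults; the function names (valid_cidr, plan_rules, zones_now, apply_rules) and the APPLY environment variable are this example's own. Two practical checks are built in: each CIDR is validated before anything is changed, because a mistyped range silently admits or blocks the wrong hosts, and the --new-zone step is skipped when a zone of that name already exists, since firewalld ships a predefined zone called "internal" and --new-zone fails with NAME_CONFLICT for an existing name. Note that zone sources only have an effect for services or ports bound to that zone (such as ssh), which the article assumes is already in place.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes firewalld (firewall-cmd)
# on an RPM-based system; the CIDR defaults are the values given in the article.

VLAN_CIDR="${VLAN_CIDR:-10.0.0.0/8}"     # your own VLAN (value from the article)
VPN_CIDR="${VPN_CIDR:-172.22.0.0/22}"    # UIC VPN address range (value from the article)
ZONE="${ZONE:-internal}"                 # zone name used by the article

# Accept only a dotted-quad IPv4 address followed by /0..32. Runs in a subshell
# so the IFS change and scratch variables do not leak into the caller.
valid_cidr() (
    cidr="$1"
    case "$cidr" in */*) ;; *) return 1 ;; esac
    prefix="${cidr%/*}"
    len="${cidr#*/}"
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=0
    IFS=.
    for octet in $prefix; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
)

# Print, one per line, the firewall-cmd invocations that implement the article's
# steps. $1 is the space-separated list of zones that already exist (the output
# of `firewall-cmd --get-zones`). firewalld predefines a zone named "internal",
# and --new-zone fails with NAME_CONFLICT for an existing name, so the creation
# step is emitted only when the zone is absent.
plan_rules() {
    existing="$1"
    valid_cidr "$VLAN_CIDR" || { echo "invalid VLAN_CIDR: $VLAN_CIDR" >&2; return 1; }
    valid_cidr "$VPN_CIDR"  || { echo "invalid VPN_CIDR: $VPN_CIDR" >&2; return 1; }
    case " $existing " in
        *" $ZONE "*) ;;
        *) echo "firewall-cmd --new-zone=$ZONE --permanent" ;;
    esac
    echo "firewall-cmd --add-source=$VLAN_CIDR --zone=$ZONE --permanent"
    echo "firewall-cmd --add-source=$VPN_CIDR --zone=$ZONE --permanent"
    echo "firewall-cmd --reload"
    # Verification step: both ranges should now be listed as sources of the zone.
    echo "firewall-cmd --zone=$ZONE --list-sources"
}

# Current zone list, or empty output when firewall-cmd is not installed.
zones_now() {
    command -v firewall-cmd >/dev/null 2>&1 || return 0
    firewall-cmd --get-zones 2>/dev/null || true
}

# Run the planned commands with sudo, stopping at the first failure so that a
# half-applied permanent configuration is never reloaded.
apply_rules() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
    plan_rules "$(zones_now)" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sudo $cmd || exit 1      # exit leaves the pipeline subshell with a failure status
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    echo "# dry run (set APPLY=1 to execute); planned commands:"
    plan_rules "$(zones_now)"
fi
```

Without APPLY=1 the script only prints the commands it would run, which is a convenient way to review the plan before touching a production host; after applying, the final --list-sources line is the check that the VLAN and VPN ranges are actually attached to the zone.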

Details

Article ID: 919
Created
Fri 1/15/21 7:15 PM
Modified
Fri 10/10/25 11:59 AM

Related Services / Offerings

A Virtual Machine is a guest server hosted on a VM host.