How can I configure Linux Server Firewall for Cisco AnyConnect?
Instructions for configuring a Linux server's firewall rules to allow connections via Cisco AnyConnect.
You should already have an internal firewall zone that restricts access to services to hosts on your own VLAN (ssh is the most relevant example of a service restricted to internal sources). This firewall rule is already present on all ACCC-managed systems, but if you manage your own system and haven't already done this, create a new firewall zone called 'internal' like this:
sudo firewall-cmd --new-zone=internal --permanent
Then run the following command to restrict source traffic to your own VLAN: