Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 7 subscribers
  • Views 1313 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM - SSL VPN & computers identification

DeltaSM

Hello folks,

I'm trying to improve our SSL VPN security and was asking the following question:

Is there a way to identify a remote computer hardware which is connecting to our UTM through SSL VPN? 

I would like to filter the computers that are connecting through SSL VPN and give permissions in case computers are from our company (with up-to-date OS, limited rights and reliable antivirus solution) and lower permissions for other computers.

MAC filtering is not a solution, neither is the STAS (correct me if I'm wrong). I found a workaround through the Client Authentication client but I was wondering if somebody had found another solution.

Kind Regards,

DeltaSM



This thread was automatically locked due to age.
  • 0

    Hi

    Any user would only be able to connect through SSL VPN if the user has 1)SSL VPN software 2)Config File and 3)Username and Password details of the allowed users. So you may collect the details before allowing users to download their SSL VPN config file or even allowing their username in SSL VPN profile. 

    However, you can not restrict a user through UTM based on their OS or Antivirus solution.

    Regards

    Jaydeep

  • 0

    If you switch to RADIUS authentication, you could use NPS on a Windows server to enforce these types of tests.  

  • 0 in reply to DouglasFoster

    We do this for a wifi installation in a special secured environment (behind bars). Very effective!

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to DouglasFoster

    Hello, about RADIUS, I have no experience so far (I just know it's linked to authentication).  Is it hard to implement?

    thank for the information about AV, etc. I want to download their package. I can't manage this on my side.

    So far I have a solution: I use Sophos Authentication Agent on computers I want to authenticate and I enter a common login/password and save it. Of course the users won't know this password. Once connected remotely with their Windows Credential on the VPN, users can access to ressources (or not) through the firewall rules I've configured with these special credentials used in SAA.

  • 0 in reply to DeltaSM

    Brilliant!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML