Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 2723 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

temporary vpn user

ciwan

Hi All

 

Is it possible to create a guest vpn user on UTM 9. And put lets say 2 hours connectivity after that, don't let the user to have activity on any server that is manged by utm 9?

 

Thanks in advance.



This thread was automatically locked due to age.
  • 0

    Labas ciwan,

    We're having to guess at the specifics, so if the following doesn't fit your needs, please say why not.

    The easiest would be to have one Remote Access method reserved for "guests" where you use a "Single event" time period definition in a firewall rule allowing traffic to the servers for a two-hour time period.  There's no other way to have the granular control you want with remote access.  If you want to allow guests to use WiFi or a specific VLAN, you could define a Hotspot with a voucher limiting time to two hours.  In any case, you would want to disable the User object for the Guest after two hours if only a one-time use was allowed.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    This post from two years ago may help.

    https://community.sophos.com/products/unified-threat-management/f/general-discussion/95832/single-time-event

    The bug that he encountered has been fixed.

    If the post does not provide enough information, suggest that you try sending a private message to the originator.

  • 0 in reply to DouglasFoster

    For completeness, it is worth nothing that a time event is different from expiring an account.   UTM Local Accounts cannot be configured with an expiration date.   If you want account expiration, you need to use a backend system such as Active Directory which provides that feature.   

    However, the time event can be used to limit traffic for specific, for those paths where time filtering is possible.  This includes web filtering and firewall rules.

  • 0 in reply to DouglasFoster

    Basically whats happening here is that, we need to expire a user to RDP to the servers. We are looking for VPN user's login to Sophos SSL Vpn expiration after lets say 2 hours.. not too sure if this is possible tho.

     

    With AD, yes it has the feature but not all the servers are part of ADs..

  • 0 in reply to BAlfson

    Hey Bob

     

    I am probably missing something here... but i can't see 'guest' under Remote Access

     

    cheers.

  • 0 in reply to ciwan

    I was suggesting something like reserving L2TP/IPsec for guests and having non-guests use a different Remote Access method.

    If indeed you have Active Directory, then I would favor Doug's suggestion above to use Active Directory to create the time limits for guests.  In that way, you can use SSL VPN Remote Access for everyone and still achieve your desired outcome.

    Another alternative would be to use WAF and have the guests access your servers without VPNing in.  WAF does have a mechanism for time limits.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML