Conditional Firewall rules for remote access users/devices

Question

Currently we use VPN SSL remote access with automatic firewall rules. The access is limited only to members of a certain AD (ActiveDirectory) group. 
 Now I would like to use two AD groups where members of the one group have firewall rules which give them full access (all services). Those users for example have a company notebook which has trustful security software, etc. Users of the other group should be only allowed to access RDP (Remote Desktop) because they connect from a private/home workstation where I can not verify which security standards are used and I only want to allow them RDP. 
 The next level I could imagine would be conditional fw rules for certain devices. Is it possible to identify remotely accessing notebooks and giving them different fw rules?

mod2402 · Answer

Hi Chris, 
 ChrisSoukup said: 
 Now I would like to use two AD groups where members of the one group have firewall rules which give them full access (all services). Those users for example have a company notebook which has trustful security software, etc. Users of the other group should be only allowed to access RDP (Remote Desktop) because they connect from a private/home workstation where I can not verify which security standards are used and I only want to allow them RDP. 
 
 For this Requirement you can use "User Network" Objects or "User Group Network" Objects. 
 ChrisSoukup said: 
 The next level I could imagine would be conditional fw rules for certain devices. Is it possible to identify remotely accessing notebooks and giving them different fw rules? 
 
 One solution is to use Authentication agents on that notebooks. You could create one local user account for every notebook. The User Network" Object for this accounts could identify the remote notebooks. 
 regards 
 mod