Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Zone Based Access

Zones are a nice new concept thinking.

User should have access only to certain "zone". For example Wi-Fi and VPN zones. This implement least of privileges for users that need restricted permission on some area without compromising security.


Please allow us to create user and zone profile.


Vote feature request:

http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/10783881-zone-based-access-restriction


Luk



This thread was automatically locked due to age.
Parents
  • This is actually possible using the Firewall Security policy please see the screen shot below

    You can derive 2 statements out of this 

    1. Only Eric, Kranthi, Jacob and Chris can authenticate from the Lan and Wifi zone. 

    2. If my destination interface is Intranet Zone, Only Kranthi, Jacob, Eric and Chris has access to the intranet zone

    is this something you are looking for ? 

  • Thank you Kran.
    This is a network rule to allow/deny traffic. What I mean is to allow to split XG management linking user to zone.
    So as Admin you allow Eric to manage Wi-Fi zone only (so all other option are blocked) while allow Jacob to manage VPN (so he can create IPSec, SSL, PPTP and any services/object linked to VPN zone).

    Is is clear, now?

    It is more on giving permission to user/group to manage a zone and all related object.

    Luk
Reply
  • Thank you Kran.
    This is a network rule to allow/deny traffic. What I mean is to allow to split XG management linking user to zone.
    So as Admin you allow Eric to manage Wi-Fi zone only (so all other option are blocked) while allow Jacob to manage VPN (so he can create IPSec, SSL, PPTP and any services/object linked to VPN zone).

    Is is clear, now?

    It is more on giving permission to user/group to manage a zone and all related object.

    Luk
Children
No Data