Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Allow access from the specified nodes." What is this?

John Woodall

My question is what does this mean?

The interface provides the option:

 

The help interface says:

Login restriction
Allow access from the specified nodes. You can specify no restriction (any node), named nodes, or a node range.

 

Well thanks for telling me nothing!

What can I do with this?  My Google-fu turned up nothing useful.



This thread was automatically locked due to age.
  • 0

    Hi  

    The following options for login restrictions are available: 

    • Any Node: The User can log in from any node in the network.
    • User Group Node(s): If a user belongs to a particular group, he/she inherits the login restrictions applied to that group.
    • Selected Nodes: The User can only log in from specified IP addresses.
    • Node Range: The User can log in from any IP within the specified range of IP addresses.

    Please refer to the article- https://community.sophos.com/kb/en-us/123038

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

    • 0 in reply to Keyur

      Can this be combined with SSL VPN to restrict certain users from logging in from specified public IP addresses?

      • 0 in reply to John Woodall

        So it turns out you can't.

        This is only for the actual IP of the client. 

        So once you connect to the SSL VPN, if the SSL VPN IP (range) is not in the allowed node list, it does not allow it.

        even if there's another group that has the public IP allowed, it does not allow it.

        • 0 in reply to John Woodall

          Hi  

          Thank you for sharing the details.

          Once the tunnel creates the traffic will be coming to the XG would the IP leased to SSL VPN client but it is not persistent IP which will not allow you to achieve your requirement.

          We do have a persistent IP address for specific user feature in Sophos connect, L2TP and PPTP

          Regards,

          Keyur
          Community Support Engineer | Sophos Support
          Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
          If a post solves your question use the 'This helped me' link