Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 39 subscribers
  • Views 3738 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

limit SSL VPN remote access to specific IP addresses

John Woodall

How can we restrict SSL VPN access to specific IP addresses, if the user is in specific 'group'?

The mechanic attached to the Group only checks the client IP (once on VPN); and then it's only checking the SSL VPN subnet IP (a private subnet), not the public IP where they're coming from.  This is effectively a firewall rule - since it's already connected to the SSL VPN.  Not sure why there's a duplication of responsibility.

 

We want:


Group: Employees

can connect from anywhere

 

Group: Vendors

can only connect from their business IP (so they cant take laptop home and connect from home)

 

How can this be achieved?



This thread was automatically locked due to age.
Unfiltered HTML