How can we restrict SSL VPN access to specific IP addresses, if the user is in specific 'group'?
The mechanic attached to the Group only checks the client IP (once on VPN); and then it's only checking the SSL VPN subnet IP (a private subnet), not the public IP where they're coming from. This is effectively a firewall rule - since it's already connected to the SSL VPN. Not sure why there's a duplication of responsibility.
We want:
Group: Employees
can connect from anywhere
Group: Vendors
can only connect from their business IP (so they cant take laptop home and connect from home)
How can this be achieved?
This thread was automatically locked due to age.