
Need a way to allow HTTP/HTTPS access to a secured WAF server for a customer with a highly dynamic IP

Hi All,

As a result of the current global situation, we have a remote client that needs to access one of our DMZ zoned WAF servers from home. However, they are connecting with cellular internet and their IP is highly dynamic. For all other clients with static IPs, we have added their addresses as allowed client networks to create a form of whitelist (Sophos: PLEASE allow IP Host Groups for this option, but I digress).

I have tried setting up a separate SSL VPN group with this user added and access to the DMZ network provided in Permitted Network Resource and Use as Default Gateway enabled, but when they connect, the WAF servers go unresponsive for that VPN connection. They can browse the rest of the Internet - this is confirmed via the logs.

I have considered using their computer's MAC address and creating a new DNAT rule, but I am concerned that this is less secure and I am sure that there is a proper solution that I am simply missing due to my own shortcomings in understanding how to set this up, so I'm turning to the community.

The need for HTTP/HTTPS access extends beyond web browsers, as we have apps that require access using these ports as well, meaning that any browser-based authentication will not, to my understanding, work in our scenario.

Happy to provide additional details if pointed in the right direction!

Cheers,

Andre