
SSL VPN - Different Groups

Good Evening - Took a while, but I am now able to ping and reach the inside network via SSL VPN.

This leads to another question...

Is it possible to create multiple SSL VPN groups that have limited access to different networks?

Admin_VPN Users able to get to systems and management

Standard VPN User able to get to what systems they need but limited.

I tried to set up the different IP Groups, but it seems that the device pulls the lease from the VPN Setups IP4 list. (Screenshot) Is there another way to lease addresses to the VPN to separate groups?

Thanks,

Ben



  • Hello Ben,

    I am glad to hear you were able to resolve your configuration issue.

    All the SSL VPN users get their IP from the SSL VPN pool.

    You can create different SSL VPN profiles and use Identity and Permitted Network Resources to segregate the traffic.

    For example: 

    SSLVPN_Admins

    Policy Member = Admin1, Admin2

    Permitted Network Resources = 172.16.150.100-172.16.150.105

    SSLVPN_Sales

    Policy Member = Sales1, Sales2

    Permitted Network Resources = 10.10.10.100, 10.10.10.101, 10.10.10.102

    SSLVPN_HR

    Policy Member = HR1, HR2

    Permitted Network Resources = 10.10.10.103, 10.10.10.104

    You would need a Firewall rule for each SSL VPN profile you create, and select "Match known Users" accordingly in the Firewall Rule.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
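
A way to check a profile plan like the one in the reply above before entering it in the firewall, as an added example (not part of the original post and not Sophos code): it parses the member and resource lists, flags addresses granted by more than one profile and users listed in more than one profile, and answers whether a user's profiles permit a destination. The `POLICIES` layout and the function names are assumptions made for this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample input: the three profiles from the reply above.
POLICIES = {
    "SSLVPN_Admins": {"members": ["Admin1", "Admin2"],
                      "resources": "172.16.150.100-172.16.150.105"},
    "SSLVPN_Sales": {"members": ["Sales1", "Sales2"],
                     "resources": "10.10.10.100, 10.10.10.101, 10.10.10.102"},
    "SSLVPN_HR": {"members": ["HR1", "HR2"],
                  "resources": "10.10.10.103, 10.10.10.104"},
}

def expand(resources):
    """Expand 'a-b' ranges and comma-separated hosts into a set of addresses."""
    hosts = set()
    for item in (p.strip() for p in resources.split(",")):
        if not item:
            continue
        first, _, last = item.partition("-")
        lo = ipaddress.ip_address(first.strip())
        hi = ipaddress.ip_address(last.strip()) if last else lo
        if hi < lo:
            raise ValueError(f"reversed range: {item}")
        hosts.update(ipaddress.ip_address(n) for n in range(int(lo), int(hi) + 1))
    return hosts

def audit(policies):
    """Return (addresses shared by two profiles, users in more than one profile)."""
    grants = {name: expand(p["resources"]) for name, p in policies.items()}
    overlaps = {}
    for a, b in combinations(sorted(grants), 2):
        shared = grants[a] & grants[b]
        if shared:
            overlaps[(a, b)] = sorted(shared)
    seen = {}
    for name, p in policies.items():
        for user in p["members"]:
            seen.setdefault(user, []).append(name)
    shared_users = {u: n for u, n in seen.items() if len(n) > 1}
    return overlaps, shared_users

def allowed(policies, user, dest):
    """True if any profile listing `user` permits the destination address."""
    addr = ipaddress.ip_address(dest)
    return any(user in p["members"] and addr in expand(p["resources"])
               for p in policies.values())
```

An empty result from `audit(POLICIES)` means the profiles are disjoint; any overlap or shared user it reports is a place where two groups end up with access to the same host and should be reviewed against the matching firewall rules.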