Good evening - it took a while, but I am now able to ping and reach the inside network via SSL VPN.
This leads to another question...
Is it possible to create multiple SSL VPN groups that have limited access to different networks?
Admin_VPN users able to get to systems and management.
Standard VPN users able to get to what systems they need, but limited.
I tried to set up the different IP groups, but it seems that the device pulls the lease from the VPN setup's IPv4 list. (Screenshot) Is there another way to lease addresses to the VPN to separate groups?
Thanks,
Ben
Hello Ben,
I am glad to hear you were able to resolve your configuration issue.
All the SSL VPN users get their IP from the SSL VPN pool.
You can create different SSL VPN profiles and use Identity and Permitted Network Resources to segregate the traffic.
For example:
SSLVPN_Admins
Policy Member = Admin1, Admin2
Permitted Network Resources = 172.16.150.100-172.16.150.105
SSLVPN_Sales
Policy Member = Sales1, Sales2
Permitted Network Resources = 10.10.10.100, 10.10.10.101, 10.10.10.102
SSLVPN_HR
Policy Member = HR1, HR2
Permitted Network Resources = 10.10.10.103, 10.10.10.104
You would need a Firewall rule for each SSL VPN profile you create, and select "Match known Users" accordingly in the Firewall Rule.
Regards,
Thanks for taking the time to update the Community!
Regards,
After building the VPN-connection, the user is known to the XG.
Now I use the user/group directly within firewall rules at "Match known users"
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
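The per-profile segregation described in the reply above can be checked on paper before it is built on the firewall. The following is an added example, not part of the thread and not Sophos code: it models the three profiles as plain data (the dict layout and function names are assumptions of this example), applies default deny, and flags profiles whose permitted resources overlap. It does not model the matching firewall rules.

```python
import ipaddress
from itertools import combinations

# Profiles copied from the reply above; the dict layout is an assumption of this example.
PROFILES = {
    "SSLVPN_Admins": {"members": {"Admin1", "Admin2"},
                      "resources": "172.16.150.100-172.16.150.105"},
    "SSLVPN_Sales": {"members": {"Sales1", "Sales2"},
                     "resources": "10.10.10.100, 10.10.10.101, 10.10.10.102"},
    "SSLVPN_HR": {"members": {"HR1", "HR2"},
                  "resources": "10.10.10.103, 10.10.10.104"},
}

def parse_resources(spec):
    """Turn 'a-b, c, d/len' into a list of (first, last) integer intervals."""
    spans = []
    for item in (p.strip() for p in spec.split(",")):
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(ipaddress.IPv4Address(x.strip())) for x in item.split("-", 1))
            if lo > hi:
                raise ValueError(f"reversed range: {item}")
        else:
            net = ipaddress.IPv4Network(item, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        spans.append((lo, hi))
    return spans

def allowed(user, dest, profiles=PROFILES):
    """Default deny: True only if a profile containing `user` permits `dest`."""
    ip = int(ipaddress.IPv4Address(dest))
    return any(user in p["members"] and
               any(lo <= ip <= hi for lo, hi in parse_resources(p["resources"]))
               for p in profiles.values())

def overlaps(profiles=PROFILES):
    """Profile pairs whose permitted resources intersect (possible over-grant)."""
    found = []
    for (a, pa), (b, pb) in combinations(profiles.items(), 2):
        if any(l1 <= h2 and l2 <= h1
               for l1, h1 in parse_resources(pa["resources"])
               for l2, h2 in parse_resources(pb["resources"])):
            found.append((a, b))
    return found
```

An empty result from `overlaps()` means no two profiles grant the same address; a non-empty result is worth reviewing before the firewall rules are created.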