So most users are using the remote access VPN.
My thought was now to create a new SSL VPN profile and give it a separate "VPN zone", and allow the Userportal under Administration > Device Access.
But no, you can't.
Is there any way to make this happen for a single user? Or do I just simply make a firewall rule from VPN to some gateway with port HTTPS?
Or what is the best practice for some backup admin interface? Or can you put a specific user, if he connects, inside a local net?
Hello Simplified Sam,
Thank you for reaching out to the community. SSL VPN is strictly policy-based, so you have the flexibility to either assign a policy to a user or not assign one. Whereas the Userportal is zone-based access: either you apply it on a zone, or you create an ACL under Administration > Device access > Local service ACL exception rule.
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
So what's the point of creating a new SSL VPN (Remote)?
I don't really understand the purpose of the ACL exception rule, and like always the documentation is lacking clarification.
Please tell me in simple words how I can add a single user to access my userportal. Will a firewall rule be fine?
You can define from which zone you want to allow access; in simple words, just create an ACL. Refer to the screenshot below:
Yes, but that does not answer my question. I can't specify a user here? Or am I blind?
My problem is still that I can't separate VPN for normal users or VPN for admins, since I can only set up global SSL settings.
I tried to make it work with a firewall rule, but I can't access GateWay:4444
A user-based ACL cannot be created, only IP-based!!
Hello,
It must be possible to let only a specific person access a userportal over the same VPN???
Or do you see any way that I can separate him?
And please don't come with ACL again; at this point I am not sure if you're mocking me or just can't help me.
I am afraid, Simplified Sam, it would not be possible!!
You can set a static IP for this specific SSL VPN user and then allow access via an ACL exception. Or do it through a NAT rule.