So most users using the remote access vpn.
My thought was now, create new ssl vpn profile and give seperate "vpn zone", and allow under Administration>Device Access the Userportal.
But no, you cant.
Is there anyway to make this happen for single user? Or do i just simple make firewall rule from vpn to some gateway with port HTTPS?
Or what is the best practice for some backup admin interface? Or can you put a specif user if he connect inside a local net?
Hello Simplified Sam ,Thank you for reaching out to the community, SSL VPN is strictly policy base, so you have a flexibility to either a assign a policy to a user or not assign. Where as a Userportal is zone base access, either you apply on a zone, or create an ACL under the administration > Device access > Local service ACL exception rule
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
So whats point of creating a new SSL VPN (Remote)?
I dont really understand the purpose of acl exception rule, and like always the documentation lacking clarification.
Please tell in simple words how i can add single user to access to my userportal. Will be a firewall rule fine?
You can define, whether from which zone you want to allow, in simple words just create ACL , refer the screenshot below:
Yes but that does not answer my question. I cant specify define here a user? Or am i blind?
My problem is still, i cant seperate vpn for normal user or vpn for admins, since i can only set up global SSL Settings.
I tried to make it work with firewall rule, but i cant access GateWay:4444
User base ACL can not be created only IP base !!
Hello,
it mus be possible to let only specif person access a userportal over the same vpn???
Or do you see any way that i can seperate him?
And please dont come with ACL again, at this point i am not sure if your mocking me or just cant help me.
I am afraid Simplified Sam it would not be possible !!