Is there a method to white list IPs per SSL VPN group, to only allow those users to be able to VPN in if they are coming from the list static IPs?
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Is there a method to white list IPs per SSL VPN group, to only allow those users to be able to VPN in if they are coming from the list static IPs?
Because SSL VPN is device access setting based, maybe try with 2 ACL exception rules:
- first allow your list > SSL VPN
- that drop ANY (0.0.0.0/0) > SSL VPN
But never tested if working.
That's the correct way.
But it may be a little more simple:
remove checkbox for SSL-VPN from device access / Local service ACL->WAN
Create one ACL exception rule allowing SSL-VPN from specific IP.
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
You can't specify specific IP's for specific SSL-VPN definitions.
I use only one profile for all allowed VPN-users and create user/group specific firewall-rules that control access.
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.