
temporary vpn user

Hi All

 

Is it possible to create a guest VPN user on UTM 9 and give it, let's say, 2 hours of connectivity, and after that not let the user have activity on any server that is managed by UTM 9?

 

Thanks in advance.



  • Labas ciwan,

    We're having to guess at the specifics, so if the following doesn't fit your needs, please say why not.

    The easiest would be to have one Remote Access method reserved for "guests" where you use a "Single event" time period definition in a firewall rule allowing traffic to the servers for a two-hour time period.  There's no other way to have the granular control you want with remote access.  If you want to allow guests to use WiFi or a specific VLAN, you could define a Hotspot with a voucher limiting time to two hours.  In any case, you would want to disable the User object for the Guest after two hours if only a one-time use was allowed.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob

     

    I am probably missing something here... but I can't see 'guest' under Remote Access

     

    cheers.

  • I was suggesting something like reserving L2TP/IPsec for guests and having non-guests use a different Remote Access method.

    If indeed you have Active Directory, then I would favor Doug's suggestion above to use Active Directory to create the time limits for guests.  In that way, you can use SSL VPN Remote Access for everyone and still achieve your desired outcome.

    Another alternative would be to use WAF and have the guests access your servers without VPNing in.  WAF does have a mechanism for time limits.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA