Remote access to one ip in LAN zone but block to other LAN hosts

Hi.

I don't know if I understand your problem correctly.

If you wand only one User to be able to access one host through VPN you could just create a SSL VPN profile and put the user and the host into thies profile. Don't check "Automatic firewall rules" but create them by hand (only allowing RDP to the host for the SSL-User-VPN-Object.

But if the user is connected to the RDP-Host he would normally be able to reach other machines in the same subnet using a browser on the RDP-Machine for instance.

Yes that was my question, i have rule but when allow RDP to this host and user connect via VPN, he can make RDP to other hosts in LAN subnet! I thought there was a way to track the source address, and a way to block it! Thank you so much for the answer!

Hi 

If the VPN-User launches an RDP session from the server he is allowed to connect by the VPN-Profile. This RDP session comes from the IP-Address of the server.

So, if the server is on a separate VLAN you can create a FW rule to block RDP traffic to other VLANS or hosts.

For host in the same VLAN you would have to configure this on OS-level.