SSL-VPN

Question

Hello everyone! 
 I have to prevent my company users from logging in through multiple machines with SSL-VPN. I tried to use MAC Binding but it didn't work ("MAC Binding option is only supported with client base SSO. SSL VPN client, Captive Portal and Client Authentication Agent (CAA) is not supported.") 
 With this information how can I do that, to force my users to use only the company notebook to conect to the VPN?

lferrara · Answer

Aline, 
 in order to force your users to connect to your corporate, you could use a NAC product or you can even use Sophos Heartbeat. Using Sophos HB, if the remote computer does not have Sophos installed in a healthy status, the computer does not have any permissions to access internal resources. 
 Regards

lferrara · Answer

Have a look at this thread: 
 https://community.sophos.com/products/xg-firewall/f/authentication/95069/is-it-possible-to-add-mac-address-filtering-to-ssl-vpn-authentication

LuCar Toni · Answer

Hi, 
 there is a KBA for this setup. 
 https://community.sophos.com/kb/en-us/132526