
Add DNS to separate SSL VPN profile

I have an SSL VPN profile (PROFILE 1) through which the majority of my users log in remotely if required to access the LAN.

For a small group of contractors I have created a separate SSL VPN profile (PROFILE 2), so they have access to only 1 resource (SERVER B) on the network from remote.

What I am struggling with is that the PROFILE 2 users cannot make any password changes or have any name resolution, because the DNS server is not listed in PROFILE 2. They have access only to File Server B.

My current DNS (DC) server is also a file server (FILE SERVER A), so I have not listed my DNS server in the allowed resource section for VPN Profile 2. How do I allow just port no. 53 (DNS) for SSL VPN PROFILE 2, but block all file shares from the DNS file server (FILE SERVER A)? I do not want to create any explicit file permissions to block these users on my DNS file server. Can DNS and LDAP be allowed, but the rest of the services be blocked from VPN Profile 2?



This thread was automatically locked due to age.
  • Hey  

    You could restrict the small group of contractors using SSL VPN profile 2, by restricting their access via the user firewall rule you have configured for their SSL VPN traffic to the LAN. By creating a separate Remote SSL VPN group for the user accounts of these contractors, you would be able to properly define and segregate their network access.

    For example:

    SSL VPN Profile 2

    • Permitted Network Resources would include your DNS (DC/File Server A) Server and File Server B
    • 2x User/Network Firewall rules would match to the identity of the separate Remote SSL VPN Group that you created for the small group of contractors
      • 1 Firewall rule would only allow DNS, LDAP, etc. traffic destined for your DNS (DC/File Server A)
      • 1 Firewall rule would allow the rest of the services you permit for your File Server B
    • Also ensure to list your DNS server IP in the DNS field in Show VPN Settings

    Please PM me if you run into any issues, I can further assist you by utilizing the support access tunnel to your appliance.

    Regards,
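
The two-rule layout suggested in the reply above can be checked before it is deployed. The following is an added example, not part of the original thread and not Sophos configuration syntax: a first-match model of the rules with a default drop, plus an audit that reports any file-share port the contractor group could reach on File Server A. The IP addresses, group name and rule names are constructed, and the Kerberos/kpasswd ports are an assumed reading of "etc." in the reply.

```python
from ipaddress import ip_address

# Constructed addresses and group name (assumptions, not from the thread).
SERVER_A = ip_address("192.0.2.10")   # DNS / DC / File Server A
SERVER_B = ip_address("192.0.2.20")   # File Server B
GROUP = "contractors-sslvpn"

# DNS and LDAP come from the reply; Kerberos (88) and kpasswd (464) are an
# assumed reading of its "etc.", since AD password changes commonly use them.
DIRECTORY = {("udp", 53), ("tcp", 53), ("tcp", 389),
             ("tcp", 88), ("udp", 88), ("tcp", 464), ("udp", 464)}
FILE_SHARE = {("tcp", 445), ("tcp", 139)}   # SMB and NetBIOS session service

# Ordered rules: (name, user group, destination, allowed services).
RULES = [
    ("contractors-to-dc", GROUP, SERVER_A, DIRECTORY),
    ("contractors-to-fileserver-b", GROUP, SERVER_B, FILE_SHARE),
]

# The weak variant for comparison: one rule that also opens file shares on A.
BROAD_RULES = [
    ("contractors-to-dc-any", GROUP, SERVER_A, DIRECTORY | FILE_SHARE),
    ("contractors-to-fileserver-b", GROUP, SERVER_B, FILE_SHARE),
]

def evaluate(group, dst, proto, port, rules=RULES):
    """Return the name of the first matching allow rule, or None (default drop)."""
    dst = ip_address(str(dst))
    for name, rule_group, rule_dst, services in rules:
        if group == rule_group and dst == rule_dst and (proto, port) in services:
            return name
    return None

def audit(rules=RULES):
    """List file-share services the contractor group could reach on Server A."""
    return sorted(svc for svc in FILE_SHARE
                  if evaluate(GROUP, SERVER_A, *svc, rules=rules))

if __name__ == "__main__":
    flows = [(SERVER_A, "udp", 53), (SERVER_A, "tcp", 389),
             (SERVER_A, "tcp", 445), (SERVER_B, "tcp", 445)]
    for dst, proto, port in flows:
        verdict = evaluate(GROUP, dst, proto, port) or "DROP"
        print(f"{dst} {proto}/{port}: {verdict}")
    print("file-share exposure on Server A (scoped rules):", audit())
    print("file-share exposure on Server A (broad rule):  ", audit(BROAD_RULES))
```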