Allow HTTPS/4444 to only one VPN user group (not all VPN users)?

Question

I know it sounds a bit redundant but I would like to allow group members in a VPN policy access to HTTPS management however not all VPN users. Any ideas? TIA

lferrara · Accepted Answer

Tony, 
 you cannot achieve this. The only way to allow a restricted users to access the HTTPS web interface is to use the "assign static IP" by using L2TP/IPsec VPN and then in the Administration > Device access > Local ACL, put as source the static ip of the users you want to allow. 
 Please vote this FR: 
 https://ideas.sophos.com/forums/330219-sophos-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users 
 Regards