DOD requirements

Question

I have a client who needs to be able to disconnect SSL VPN users based on them trying to access another website such as Dropbox or another public cloud. Here is the exact question: 
 " Can we drop connections based on the site accessed? ie. dropbox or other cloud based storage services?" 
 I started thinking creatively, and then too creatively so I would like input form the community. Would this be a combination of end point and web protection or is there a way like making the SSL VPN full tunnel, and setting up web filter rules that apply to users in the remote SSL users group? 
 
 Thanks for your time.

rfcat_vk · Accepted Answer

Hi Anthony, 
 you can block access to cloud services in web and application policies, but I am not sure how you can disconnect a user. 
 Ian

emmosophos · Answer

Hello Anthony, 
 Thank you for contacting the Sophos Community! 
 You can't disconnect a user based on the Website they visit, but as you mentioned if you configure the tunnel to be a Full tunnel then you can do web-filtering and block or allow access to specific websites only. 
 If you use Webfiltering in the endpoint, then I think you can also block access to websites from the endpoint directly, and you would configure the SSL VPN to only access internal resources in the XG. 
 Regards,

DOD requirements

Top Replies