Login Restriction - Not working

Hi Team

I am using the Sophos XG125 and running the latest firmware 16.01.2.

I am creating users and trying to apply the Login restrictions on the group level to which the user belongs. For this test scenario, I have the XG125 device and one computer attached to that network.

While creating the group, I selected the option to restrict the login to certain IPs and entered the allowed IP in the "Login Restriction" section.

However, when I try the VPN connection using that user/group, I see that the remote user is able to launch XG125 from the web interface. I don't want that one to happen like that.

When I apply the restrictions, does it not apply to the XG125 web interface?

Looking for some advice and assistance from the community.

Regards

Jossy



  • Jossy,

    can you share what you have configured?

    Is the user able to access the web interface?

    Thanks

  • Hi Luk

    Yes, I am able to access the web interface of the XG125 while connected with the VPN user.

    I don't want all the VPN users to access the web interface of the XG125.

    I am trying to upload a .jpg file of the screenshot. However, I keep getting an error while uploading the file.

    Also, I noticed that if I am connected as a PPTP VPN user, I am unable to connect to the Internet from my existing network. However, it works perfectly using SSLVPN. Do I need to enable any special settings to enable that from PPTP VPN Connection?

    Regards

    Jossy

  • Jossy,

    check the https web admin configuration under Administration > Device Access.

    For the PPTP user, make sure to create a proper firewall rule to allow traffic from the PPTP network to WAN. Also, on the client side, make sure to check "route all traffic using this gateway". The other option is to uncheck this checkbox so PPTP users can use their internet gateway to surf the internet.

    See this article:

    http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/pptp/mvpn_pptp_internet-access_c.html

  • Luk

    Under my Administration --> Device Access the https web admin option is enabled over VPN. 

    My question was: using the PPTP VPN, I would like to restrict the user's access to different objects. Though I entered the allowed node as only one computer over the PPTP VPN, since under my Administration --> Device Access the https is enabled for VPN, it will allow the https web interface to go through as well. Am I right?

    Regarding the Internet access over the PPTP VPN, I referred to your suggested article's "Split Tunnel VPN Setup for Mobile VPN with PPTP" option for Windows 7. It worked out for me.

    Appreciate your assistance.

    Regards

    Jossy

  • Jossy,

    you can disable HTTPS for the VPN zone and use the ACL inside the same menu in order to allow more restricted HTTPS access.

    Well done for the PPTP.
