Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 3 subscribers
  • Views 660 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN - Firewallregeln pro Profil?

mauti4secure

Guten Tag,

ist es irgendwie möglich Firewallregeln vom Profil abhängig zu machen? Bei den Firewallregeln (manuell erstell) gebe ich den VPN-Pool an. Da kann ich ja nur einen nutzen.

Ich möchte, dass z. B. ein User bzw. eine Gruppe "nur" auf die Server A,B,C zugreifen kann, aber ein anderer User bzw. Gruppe "nur" auf die Server 1,2,3. Die Server A,B,C und die Server 1,2,3 sind derzeit im gleichen Netz.

Grüße und Danke



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to mauti4secure

    Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    If these users are all accessing via VPN Remote Access, then the UTM knows the numeric IP of signed-in users.  For example, if BAlfson were one of the users, you would be able to use "BAlfson (User Network)" in a firewall rule's 'Source' field.  If you make a User Group "Allowed Users" containing the User objects of the users allowed to reach the servers, you could create a firewall rule like:

    Allowed Users (User Group Network) -> Any -> {Network Group of servers} : ALLOW

    Note that if the VPN Pool is allowed to use Web Filtering, you will need additional configuration there - see #2 in Rulz (last updated 2019-04-17).

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML