Hi,
is the following scenario possible?
We want to protect our internal website by means of tokens, but only for employees. For external parties we want to protect on incoming (source) IP address.
I thought about the following scenario and wanted to ask you if this is possible and if so am I imposing some sort of security risk.
Here the situation:
- people connect using the URL (https traffic).
- when the request is coming from known third parties ASL redirects the traffic based on the source ip address to site 1
- all other incoming requests are redirected to site 2
Can I solve this by creating to DNAT rules where in one rule I specify the source ip address group of the external parties insterad of 'any' and use as destination 'site 1'.
Then I create a second DNAT rule with lower priority and use 'any' as the source and use as destination 'Site 2'.
Is this possible?
Can I use automatic packet filter rules in this situation or do I have to create them manually and specifiy the same source addresses on them as in the DNAT rule? Or will ASL take care of that?
Franc.
This thread was automatically locked due to age.
