Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 6822 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One seperate external Line for only one SSL VPN Power-User of many

FHegnauer

Hello Everyone,

 

a customer of ours asked us a question about giving a Power-User a seperate DSL-Line with a static IP-Address for his home-office.

So here is my question:

Is it possible to give one single user an ssl-vpn profile that connects to a second (new) DSL-Line (with more speed) and not move the other users to the new line aswell, because this would destroy the whole purpose of this line.

The idea behind this looks to me something like that they want to save bandwith for their regular vpn-users und split this special guy (lots of promo vids, CAD-drawings, and more) off to the new second DSL-Line.

 

If there is a possibility to archieve that, please give me an example how.

Please explain any step necessary to realise that, cause i want to try that first in a non productive environment. (please be free to explain for someone not so experienced...)

 

Any help is much appreciated.

 

Thank you very much.

Franz



This thread was automatically locked due to age.
Parents
  • 0

    I think this kb article enables the feature you are requesting

  • 0 in reply to DouglasFoster

    Hello Douglas,

    i don't think that this is going to work, as the users should not only beeing devided in their Web Browsing habbits.

    Here is more the line Speed the Problem for the Power-User, with file Transfers from the VPN-Notebook to the internal file Servers. So we are talking mainly about Communication to the Company Network File Server and not web-Surfing through the Company web Proxy.

    In the last week this guy actually used every single bit of the vpn-line so that other users actually preferred to NOT work from remote and drove to work for direct Access.

    Thank you, anyway.

    Greetings

    Franz

     

    Sophos Certified Architect - UTM
    using Sophos UTM since Astaro ASG v7 ;-)

    PDV-Systeme GmbH est. 1985 is
    Gold Solution Partner since 2009

  • 0 in reply to FHegnauer

    So you meex him to connect on a different IP address.  SSL VPN only lustens for one hostname, so I think you need a secind UTM for him or else a different connection method, such as L2TP.

    You could try this:  create a host file entry on his laptop which points the UTM hostname to the interface dedicated to his traffic.  As long as the file is not overwritten, you should be OK.

    Then you could give him his own ip pool so you could tailor his traffic based on any mixture of IP address, username, and interface .

Reply
  • 0 in reply to FHegnauer

    So you meex him to connect on a different IP address.  SSL VPN only lustens for one hostname, so I think you need a secind UTM for him or else a different connection method, such as L2TP.

    You could try this:  create a host file entry on his laptop which points the UTM hostname to the interface dedicated to his traffic.  As long as the file is not overwritten, you should be OK.

    Then you could give him his own ip pool so you could tailor his traffic based on any mixture of IP address, username, and interface .

Children
No Data
Unfiltered HTML