Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 5122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using SSL remote-access VPN and restrict access per-user

BarryG
Hi,

I'm using the SSL remote access VPN for remote-admin purposes.

I also have some less-trusted users that I'd like to give restricted access to one of my home servers (I can put one of it's interfaces in a DMZ if needed).

1. Can I use the automatic Network Definitions for the users to create firewall rules?

2. If not, other than the SSL VPN, which VPN client would be good for both Windows and Mac users?

3. Also, I'd like to be able to make connections TO those users from my home network (from the primary LAN).
Is there a way to get the UTM to update it's DNS entries with their current VPN IPs?
Or to make their VPN IPs static?

Thanks,
Barry


This thread was automatically locked due to age.
Parents
  • 0
    Hey, Barry, 

    1. Yes, this works great with objects like "user1 (User Network)"

    2. The SSL VPN works well, but the other Remote Access methods also populate the User Network object.

    3. You can't assign a static IP to an SSL VPN user, so you need to use a NAT rule. If you use a DNAT instead of a Full NAT, you might need to set a route in the client.  Please let us know. 

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hey, Barry, 

    1. Yes, this works great with objects like "user1 (User Network)"

    2. The SSL VPN works well, but the other Remote Access methods also populate the User Network object.

    3. You can't assign a static IP to an SSL VPN user, so you need to use a NAT rule. If you use a DNAT instead of a Full NAT, you might need to set a route in the client.  Please let us know. 

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML