Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 5122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using SSL remote-access VPN and restrict access per-user

BarryG
Hi,

I'm using the SSL remote access VPN for remote-admin purposes.

I also have some less-trusted users that I'd like to give restricted access to one of my home servers (I can put one of it's interfaces in a DMZ if needed).

1. Can I use the automatic Network Definitions for the users to create firewall rules?

2. If not, other than the SSL VPN, which VPN client would be good for both Windows and Mac users?

3. Also, I'd like to be able to make connections TO those users from my home network (from the primary LAN).
Is there a way to get the UTM to update it's DNS entries with their current VPN IPs?
Or to make their VPN IPs static?

Thanks,
Barry


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    I discovered last night that I can create a separate SSL VPN profile for different users, and set different 'local networks' for each profile.

    Is that pretty secure? e.g. the user wouldn't be able to override the routes in the client, right? (because the UTM should enforce the routes)

    Another question: can one put a bunch of user's network definitions into a network group (and use that in a firewall rule)?

    Thanks,
    Barry
Reply
  • 0
    Hi,

    I discovered last night that I can create a separate SSL VPN profile for different users, and set different 'local networks' for each profile.

    Is that pretty secure? e.g. the user wouldn't be able to override the routes in the client, right? (because the UTM should enforce the routes)

    Another question: can one put a bunch of user's network definitions into a network group (and use that in a firewall rule)?

    Thanks,
    Barry
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML