Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1860 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN: Client ACL / allow only one client

bendeichp
Hi Forum,

One customer asked for this feature...
So I'm just curious if there is any chance to allow/deny specific clients for Remote Access aka OpenVPN. IMHO OpenVPN does not provide such a feature by itself. Maybe Sophos built something to achieve my goal?
Maybe in conjunction with Endpoint Security? Unfortunately I found nothing interesting on the feature list but maybe I overlooked something...

Any suggestions?

Thanks in Advance,
Pascal


This thread was automatically locked due to age.
  • 0
    Only those allowed users or groups in an SSL VPN profile are allowed to login.  If you are talking about blocking based on IP, you can do so via a blackhole dnat.

    OpenVPN does not provide such a feature by itself.  Maybe Sophos built something to achieve my goal
    UTM uses OpenVPN.

    If these don't fit the bill, you can make a feature request at UTM (Formerly ASG) Feature Requests: Hot (1909 ideas)
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Pascal,

    You could assign static IP addresses to the user(s) that you want to restrict and write firewall rules around that user(s) as well as other policies.
  • 0
    Hi, Pascal, and welcome to the User BB!

    Ron, unfortunately, the UTM won't let you assign static IPs to SSL VPN users, but you can leave the 'Automatic firewall rules' box unchecked and create user-specific rules like 'balfson (User Network) -> Web Surfing -> {web server} : Allow'.

    If you use Active Directory, there are some other tricks available.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Ron, unfortunately, the UTM won't let you assign static IPs to SSL VPN users, but you can leave the 'Automatic firewall rules' box unchecked and create user-specific rules like 'balfson (User Network) -> Web Surfing -> {web server} : Allow'.
    Cheers - Bob


    Bob, That is what I was trying to say but I guess it did not come out that way [:)]

    -Ron
Unfiltered HTML