This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple Virtual IP Pools for SSL RA

We would like to have dedicated virtual IP pools for each SSL remote access profile so that we can create ACL policies on our routers/switches as to what subnets each can reach.

I can't seem to find this option - so I am guessing this is not a possibility but I figured I would ask.

Thank you!!

This thread was automatically locked due to age.

0 BAlfson over 10 years ago
That is not possible, but there's an easier, clearer way to do this. For background, consider #6 in Rulz.

Assuming that you have Active Directory, you will want to have the allowed VPN users synced to the UTM. You can create Backend Groups that correspond to AD Security Groups. You can make firewall rules for each Group by using the "(User Group Network)" objects created by WebAdmin when the Groups are defined.

Say you have an AD Group "Marketing" and you want to allow them to reach "Web Server M" via VPN:
Create a Backend Group "Marketing Team" limited to "Marketing"
Sync the members of "Marketing Team" to the UTM
Create an SSL VPN Profile for "Marketing Team" with "Web Server M" in 'Local Networks'
Either select 'Automatic firewall rules' in the Profile or create a firewall rule: 'Marketing Team (User Group Network)->Web Surfing->Web Server M : Allow'

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 aza2001 over 10 years ago

my manager at work wanted a similar thing, what we ended up having to do was setup a NAT rule for all VPN users that basically connects to another routed subnet then that subnet port forwards to our subnet

So it goes something to the effect of:

User vpn's to 10.20.60.0/16 (ssl vpn subnet)

user then wants to rdp to their machine on 10.0.0.67 (our LAN)

user puts into the rdp connection:

192.168.9.67 (aditional subnet not associated with any "LAN")

If you want more info please let me know [:)]
Cancel
Vote Up 0 Vote Down

Cancel