topic RADIUS authenticated SSL VPN users in policy in General Topics

RADIUS authenticated SSL VPN users in policy

pflanagan — Thu, 07 Jul 2011 20:07:44 GMT

Is is possible to define a "source user" in a security/QoS policy as a username/group that was authenticated by RADIUS? Basically, the need is for users coming in via SSL VPN to have specific security policies assigned to them based on username or RADIUS group membership.

Re: RADIUS authenticated SSL VPN users in policy

spolo — Thu, 07 Jul 2011 20:41:08 GMT

Yes, should be, although, if policy for all SSL VPN users is equal, then you may want to just assign the SSL VPN tunnel to a zone, and create policy based on that source zone.

Re: RADIUS authenticated SSL VPN users in policy

pflanagan — Thu, 07 Jul 2011 21:00:05 GMT

Thanks! In this situation there are several different types of users coming in from the same SSL VPN portal that need different security rules assigned to them. They have RADIUS group membership and the easiest thing to do would be to assign security rules with a "source user" of their particular RADIUS group.