SSL VPN Security

tohoken — Thu, 22 Sep 2011 21:14:45 GMT

All,

I have the SSL VPN setup and working. All my remote users have access to the internal resources they need. The time has now come to add a vendor to access their specific internal server. So, I will create an user on the PA in the Local DB and configure the VPN to allow them to connect. My question is, once they connect and authenticate, how to I control their access to only allow access to a specific IP address? My tunnel in in the trusted zone.

Thanks,

Ken

Re: SSL VPN Security

jleung — Fri, 23 Sep 2011 06:22:49 GMT

Hi,

You have two ways to apply secuirty on SSLVPN traffic in your scenario:

1. move the tunnel interface to a dedicated SSLVPN zone, so that all traffic from SSLVPN zone to other zone must be explicitly allowed. And you can apply control based on source users or group.

2. keep your current setting but creae policy based on the source user or group that you have given to the vendor.

you can also apply AV, AS and Vul profiles to that policy.

You can review the traffic log and you should see the user id used by the vendor.

Regards,

Jones

topic SSL VPN Security in General Topics

SSL VPN Security

Re: SSL VPN Security