topic Allow mobile phone access by userid, is this possible? in General Topics

Allow mobile phone access by userid, is this possible?

mcocat — Mon, 02 Mar 2015 13:49:59 GMT

Our techs often interface with Zenoss, and we have a mobile app that will let us view and interact with the alarms. The problem is we need to establish VPN access first. I also don't want to open the port for the world, and I can't allow a specific ip/range because they will be connecting from various mobile carriers. I'd like to specify an allowed user as part of the rule, but how can I ensure that mobile device will be allowed via user? Can I create a rule for certificate based authentication? Any other ideas?

Re: Allow mobile phone access by userid, is this possible?

jthakur — Mon, 02 Mar 2015 21:00:40 GMT

What I understand is you have VPN connection and you want specific users to use mobile devices to access resources. If you are using LDAP based authentication, then create a separate user id and group for mobile users. And create a Global Protect Portal with the user group for mobile users and select Android and iOS under OS. This way only when the both conditions are true, then the VPN will be established.

Let me know if don't like this idea.

Re: Allow mobile phone access by userid, is this possible?

mcocat — Mon, 02 Mar 2015 21:49:22 GMT

Not exactly. I'd prefer not to VPN at all. For example, I'd like to create a rule that allowed ANY source from the outside to my internal server on port 80, but only for certain users. I know I can create a rule and specify users, but an iphone that doesn't VPN in won't provide user-id matches to the PAN. After doing some research I believe this is an impossible task, but if anyone has some ideas I'd be interested in hearing them.