Is it possible to limit the VPN users' access by their public address?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Is it possible to limit the VPN users' access by their public address?

L4 Transporter

Is it possible to limit the VPN users' access by their public address?

4 REPLIES 4

L7 Applicator

Looking forward to others suggestions as nothing comes to mind but have to ask why you would need to do this. 

Cyber Elite
Cyber Elite

If you have users who VPN in and you know their public IP then sure you can allow vpn only from those IPs in Security Policy and block access to IP where vpn is terminated by all others. But what is the benefit?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

@Raido_Rattameister. Are you saying that if you add a policy to block a certain ip or subnet on the external interface that it will overide the built in (i assume that terminology) rule for portal and gateway. I have no need to ever go there but just curious. I cannot think why you would need to do this!

 

 

both portal and gateway are 'accessed' through the untrust to untrust security policy, so if you want to block certain countries from being able to vpn in, you can use GeoIP (or the actual IP addresses) in a security policy to block those countries/IPs.

 

Once the vpn has been established, the traffic inside the tunnel will originate from the tunel interface, so all users will be identical from a 'source' perspective. you could still leverage UserID and group membership to provide different access privileges

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1803 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!