Is it possible to limit the VPN users' access by their public address?

Reply
L4 Transporter

Is it possible to limit the VPN users' access by their public address?

Is it possible to limit the VPN users' access by their public address?

L6 Presenter

Re: Is it possible to limit the VPN users' access by their public address?

Looking forward to others suggestions as nothing comes to mind but have to ask why you would need to do this. 

L7 Applicator

Re: Is it possible to limit the VPN users' access by their public address?

If you have users who VPN in and you know their public IP then sure you can allow vpn only from those IPs in Security Policy and block access to IP where vpn is terminated by all others. But what is the benefit?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE (3.0, 5.0, 6.0, 7.0), PCNSE (6, 7), PCNSI
L6 Presenter

Re: Is it possible to limit the VPN users' access by their public address?

@Raido. Are you saying that if you add a policy to block a certain ip or subnet on the external interface that it will overide the built in (i assume that terminology) rule for portal and gateway. I have no need to ever go there but just curious. I cannot think why you would need to do this!

 

 

Community Manager

Re: Is it possible to limit the VPN users' access by their public address?

both portal and gateway are 'accessed' through the untrust to untrust security policy, so if you want to block certain countries from being able to vpn in, you can use GeoIP (or the actual IP addresses) in a security policy to block those countries/IPs.

 

Once the vpn has been established, the traffic inside the tunnel will originate from the tunel interface, so all users will be identical from a 'source' perspective. you could still leverage UserID and group membership to provide different access privileges


Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!