02-01-2019 05:43 AM
I have external contractors connecting to my GP Portal in an on-demand connection setup.
Is it possible to enable 'always-on' VPN on same portal and gateway pair alongside with on-demand?
thanks.
02-01-2019 08:54 AM
Yes it is, i have several options on the same portal, some are on demand, some are always on and others include manual gateway selections and the option to disable GP. Just do it by users or users group.
at the very bottom of my list i have a default one.... this may be best to use for anybody who connects but put your configs for users and groups above the default as they will use the first that applies.
post again if you require any further infi...
02-02-2019 09:25 AM
@Mick_BallThank you so much for your response.
I have a RADIUS authentication method setup for contractors today for on-demand. I can't think of having my internal users using always-on without having to go through RADIUS authentication at the same time my contractors using RADIUS.
can you please provide me any ideas how to accomplish this?
thanks.
02-02-2019 09:32 AM
Sorry @SThatipelly, i dont understand what you are asking,
I understand that your contractors are on demand with radius but not sure what you need for internal users.
02-02-2019 09:38 AM
What authentication method do your internal users have.
02-02-2019 09:51 AM - edited 02-02-2019 09:53 AM
I am trying to configure always-on with LDAP authentication for my internal users, meaning my users should connect to the network with their AD creds as soon as they go outside. At the same time, my contractors should use RADIUS for on-demand.
02-02-2019 10:12 AM
Yes you can do this but i have never tried it.
you need to set up an authentication sequence.
if you have more internal users than contractors put ldap first, if more contractors than internal users then radius first.
then place this in the authentication section of the portal.
then on the agent section... add a config called contractors, add each of the contractors login id. Set the app here to on demand
then add a config called default. Leave the users blank, set this app to always on, plus any other options needed.
for both , set authentication overide, also allow this on the gateway. Then they can both share the same gateway also.
do as much as you can, if you get stuck i will go into greater detail but get the authentication sequence working first.
02-02-2019 10:49 AM
@Mick_BallSure. But, before doing it, I justhave couple of final questions(As it is on production firewall, I'm trying to gather as much info as I can). My cuurent setup has RADIUS for gateway authentication. As I am doing the auth override on portal, should I be least worried about this tab on gateway?
Am I correct in assuming that keeping the current config on GAteway as is but adding new "client settings" config(Diff pool for internal users) will work?
thank you so much.
02-02-2019 11:56 AM
Im not sure what you are asking, if it helps... you can have auth overide and radius on gateway. If the user does not have auth overide cookie then it will fall back to radius.
if you cannot afford to mess up your config, why not set up a loopback address and test on that.
02-02-2019 12:07 PM
Also... you dont have to use auth overide.
if you have auth sequence in portal then just have the same auth sequence in gateway.
i just prefer overide... especially for OTP.
02-04-2019 06:26 AM
thank you. I'll try it and keep you updated with the result.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
