03-02-2015 05:49 AM
Our techs often interface with Zenoss, and we have a mobile app that will let us view and interact with the alarms. The problem is we need to establish VPN access first. I also don't want to open the port for the world, and I can't allow a specific ip/range because they will be connecting from various mobile carriers. I'd like to specify an allowed user as part of the rule, but how can I ensure that mobile device will be allowed via user? Can I create a rule for certificate based authentication? Any other ideas?
03-02-2015 01:00 PM
What I understand is you have VPN connection and you want specific users to use mobile devices to access resources. If you are using LDAP based authentication, then create a separate user id and group for mobile users. And create a Global Protect Portal with the user group for mobile users and select Android and iOS under OS. This way only when the both conditions are true, then the VPN will be established.
Let me know if don't like this idea.
03-02-2015 01:49 PM
Not exactly. I'd prefer not to VPN at all. For example, I'd like to create a rule that allowed ANY source from the outside to my internal server on port 80, but only for certain users. I know I can create a rule and specify users, but an iphone that doesn't VPN in won't provide user-id matches to the PAN. After doing some research I believe this is an impossible task, but if anyone has some ideas I'd be interested in hearing them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!