We want to use an authentication profile that matches against a fairly generic LDAP AD group in the Allow list tab. Is there a way of creating exceptions to the allow list for blocking individual user accounts from using the service, should we need to at any stage?
Okay, then you would need to take them out of your authentification profile under the object tab. Under your LDAP/Radius/Whatever server there is an allow list under the advanced options. It might be worth making a VPN-Allow AD group and putting anyone who needs VPN access under that group, this would keep anybody that is not in that specific AD group access to the VPN gateway.
To my understanding their is no way to do a 'not' statement under this option.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!