I was hoping to get couple ideas on the problem that we currently have and cannot give a solution yet.
About a year ago we were able to migrate our old firewalls infrastructure to PAN.
We had 1 firewall facing internet(Sidewinder) - basically for Destination NAT functions, MS ISA server as proxy and main firewall (behind Sidewinder) and Microsoft TMG for IPSec VPN only.
We have migrated all of these legacy devices to a A/P Pair of 5050 with vsys - 1 vsys for Sidewinder, 1 vsys for ISA and 1 for TMG.
Now, because of native functionality of ISA Server, our customer was able to select certain outside(external) users to allow access to Public OWA portal while blocking the rest and users located inside customer's network all were able to connect to OWA.
After we've culminated migration, this functionality being lost and it is very important to implement something similar.
The tools available to us at this moment are:
PA5050 with 22 vsys available
We were working on Reverse Proxy from other brands, but it requires additional cost and we are not allowed to do so.
Please, any ideas or help would be extremely appreciated.
Thanks in advance,
You could create a rule leveraging CP. First create a rule in CP to the external IPs to prompt user with the CP page. Then create a security rule to allow access by source IP filter (based on static IP address or a geographic location) and by source user in a specific AD group to be able to login.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!