11-14-2017 11:14 AM
If you have users who VPN in and you know their public IP then sure you can allow vpn only from those IPs in Security Policy and block access to IP where vpn is terminated by all others. But what is the benefit?
11-14-2017 11:21 AM
@Raido_Rattameister. Are you saying that if you add a policy to block a certain ip or subnet on the external interface that it will overide the built in (i assume that terminology) rule for portal and gateway. I have no need to ever go there but just curious. I cannot think why you would need to do this!
11-15-2017 01:17 AM
both portal and gateway are 'accessed' through the untrust to untrust security policy, so if you want to block certain countries from being able to vpn in, you can use GeoIP (or the actual IP addresses) in a security policy to block those countries/IPs.
Once the vpn has been established, the traffic inside the tunnel will originate from the tunel interface, so all users will be identical from a 'source' perspective. you could still leverage UserID and group membership to provide different access privileges
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
