SSL VPN Security

cancel
Showing results for 
Search instead for 
Did you mean: 

SSL VPN Security

Not applicable

All,

I have the SSL VPN setup and working.  All my remote users have access to the internal resources they need.  The time has now come to add a vendor to access their specific internal server.  So, I will create an user on the PA in the Local DB and configure the VPN to allow them to connect.  My question is, once they connect and authenticate, how to I control their access to only allow access to a specific IP address?  My tunnel in in the trusted zone.

Thanks,

Ken

1 REPLY 1

L4 Transporter

Hi,

You have two ways to apply secuirty on SSLVPN traffic in your scenario:

1. move the tunnel interface to a dedicated SSLVPN zone, so that all traffic from SSLVPN zone to other zone must be explicitly allowed. And you can apply control based on source users or group.

2. keep your current setting but creae policy based on the source user or group that you have given to the vendor.

you can also apply AV, AS and Vul profiles to that policy.

You can review the traffic log and you should see the user id used by the vendor.

Regards,

Jones

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!