I have the SSL VPN set up and working. All my remote users have access to the internal resources they need. The time has now come to add a vendor to access their specific internal server. So, I will create a user on the PA in the Local DB and configure the VPN to allow them to connect. My question is, once they connect and authenticate, how do I control their access to only allow access to a specific IP address? My tunnel is in the trusted zone.
You have two ways to apply security on SSLVPN traffic in your scenario:
1. Move the tunnel interface to a dedicated SSLVPN zone, so that all traffic from the SSLVPN zone to other zones must be explicitly allowed. And you can apply control based on source users or group.
2. Keep your current setting but create a policy based on the source user or group that you have given to the vendor.
You can also apply AV, AS and Vul profiles to that policy.
You can review the traffic log and you should see the user id used by the vendor.
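The following is an added example, not part of the original thread or of any Palo Alto Networks code: a simplified Python model of top-down, first-match rule evaluation with the PAN-OS default behaviour of allowing unmatched same-zone traffic and denying unmatched cross-zone traffic. It compares the two options for the vendor; the zone name `sslvpn`, the user names, the rule names and the addresses are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    users: tuple   # usernames the rule applies to; () means any user
    dest: str      # destination address/CIDR, or "any"
    action: str    # "allow" or "deny"

def evaluate(rules, from_zone, to_zone, user, dest_ip):
    """Return (rule name, action) for the first rule matching top-down."""
    for r in rules:
        if (r.from_zone, r.to_zone) != (from_zone, to_zone):
            continue
        if r.users and user not in r.users:
            continue
        if r.dest != "any" and ip_address(dest_ip) not in ip_network(r.dest):
            continue
        return r.name, r.action
    # No rule matched: same-zone traffic is allowed, cross-zone is denied.
    if from_zone == to_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

SERVER, OTHER = "10.1.1.50", "10.1.1.20"   # constructed addresses

# Option 1: tunnel interface in its own zone ("sslvpn", assumed name).
OPTION1 = [
    Rule("vendor-to-server", "sslvpn", "trust", ("vendor1",), SERVER, "allow"),
    Rule("staff-to-internal", "sslvpn", "trust", ("alice", "bob"), "10.1.1.0/24", "allow"),
]
# Option 2: tunnel stays in trust; the allow rule alone restricts nothing.
OPTION2_ALLOW_ONLY = [
    Rule("vendor-to-server", "trust", "trust", ("vendor1",), SERVER, "allow"),
]
# Option 2 with an explicit per-user deny placed after the allow.
OPTION2_WITH_DENY = OPTION2_ALLOW_ONLY + [
    Rule("vendor-deny-rest", "trust", "trust", ("vendor1",), "any", "deny"),
]

if __name__ == "__main__":
    for label, rules, zone in (("option 1", OPTION1, "sslvpn"),
                               ("option 2, allow only", OPTION2_ALLOW_ONLY, "trust"),
                               ("option 2, with deny", OPTION2_WITH_DENY, "trust")):
        for dst in (SERVER, OTHER):
            print(label, "vendor1 ->", dst, evaluate(rules, zone, "trust", "vendor1", dst))
```

In the model, option 2 only confines the vendor once a deny rule for that user follows the allow rule, whereas option 1 confines the vendor by default but needs an explicit rule for the existing remote users.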