We are implementing a Nordic-Edge Server that provides RADIUS and OTP services. Once you have entered the user/password credentials in the VPN-SSL portal, you get another screen which prompts you for the OTP that is sent by SMS.
The auth is OK, but the security policies are based on Active Directory users and groups. In order to solve it we are implementing a Captive Portal which is never shown.
As soon as you authenticate through SSL-VPN, we know the user and Captive Portal rules don't kick in anymore. Captive Portal rules are only applied for unknown users. Based on what kind of firewall you have, you could set up two vsys and route traffic between them. The first vsys would terminate the SSL-VPN and then route traffic to the second one, which runs Captive Portal. User-ID information is not shared among vsys, which means that even though the first vsys identifies the user correctly, the user would be unknown for vsys two and Captive Portal rules would be applied.