11-21-2011 01:50 AM
Hello,
One of our clients want to know if it is possible to build policies based on computer membership to AD groups.
In this situation we want to differentiate between computers that belongs to AD and which do not in purpose of VPN connections, so that users won't connect from private computers with SSL client.
Regards,
Piotr Bratkowski
11-23-2011 07:09 PM
Currently, we only do "user" identification through Active Directory. One option to acheive what you want is to use "Global Protect" feature for all internal and remote users to log in to corporate network. It basically replaces ssl-vpn for remote users. You can configure "Computer Name" under HIP Profile for Global protect users to be identified only when they try to login through that particular computer. Again, there is lot of manual work required for it to work, you need to manually enter each compuetr name under HIP profile and match registery entry realted to that computer.
https://live.paloaltonetworks.com/docs/DOC-1757
Please feel free to contact us if you have question.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
