Multiple Portals/Gateways

cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple Portals/Gateways

L2 Linker

GP on the fw is setup and working. I have a group of users i need to isolate from everyone else - most of the time.So if they use the url vpn1.mydomain.com they get IP Pool X and specific X policies. If they use url vpn2.mydomain.com they get IP Pool Y and specific Y policies.

 

It seems like i should be able to setup multiple portals and gateways on an interface but i want some confirmation before i start working with a production environment.

12 REPLIES 12

L3 Networker

Hi @GFN182 ,

 

The straightforward solution is to use source user in the security policy to isolate the users without having to build multiple gateways.  GP has User-ID built-in.  I like keeping all of my security configuration in one place.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L7 Applicator

I would go with @TomYoung suggestion.

just one portal with one gateway, then the gateway can have many configs that can differentiate between users vi user-id and distribute ip as required.

 

or just have the same gateway for all and base your policies on user-id only.....

L2 Linker

Unfortunately the same user Id has multiple requirements.

Cyber Elite
Cyber Elite

Unless the authentication needs to be different, you can definitely stick to one portal.

 

Each gateway can have multiple configurations based on user group membership so you can assign different subnets to each user group.

In addition you can reuse those user groups in security rules to limit which access each group gets

If they need to be able to choose when they take certain access, you can set up 2 gateways on the one portal and allow them to pick which one to connect to manually. You can then assign them one IP pool on one gateway and another on the second gateway, then set security rules that allow them access based on user group and source subnet

 

Tom Piens
PANgurus

I’m not sure why you would want to do that...  could you explain why as it may assist in finding another solutiom.

L3 Networker

Hi @GFN182 ,

 

Use groups in your security policy.  You will need to configure group mapping, but with groups a single user can match multiple security policy rules.  The user does not have to change gateways for different access rights.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L2 Linker

The use case is mutually exclusive. One connection will login to our isolated cyber environment. The other connection will give access to our production environment.

Except i would belong to both groups

One portal, two gateways

GW1. Regular users and caseA access to production, IP poolA

GW2. CaseB access to cyber, IP pool B

 

Using two gateways allows manual selection to which environment to connect, security rules for user group and subnetA OR subnetB allow access to one or the other

 

For full segregation you could set up multiple virtual systems and host a gateway on each

 

 

Tom Piens
PANgurus
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!