This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About simonbrazil
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About simonbrazil
08-18-2015
4Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by simonbrazil
| Subject | Views | Posted |
|---|---|---|
| 2485 | 08-31-2011 11:41 AM | |
| 2486 | 08-30-2011 01:47 PM | |
| 2946 | 08-29-2011 03:25 PM |
User Badges
Community Statistics
| Member Since | 05-04-2009 11:00 AM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Posts | 4 |
08-31-2011
11:41 AM
Phil, I don't think this response was meant for this thread. Thanks
... View more
08-30-2011
01:47 PM
Thanks! Took a few minutes to figure out how to do it, so for anyone else interested: Create an Authentication Sequence with the selected user profiles. The Authentication Sequence object is then selectable on the SSL-VPN configuraiton. This will attempt to authenticate the user against each profile in the selected order. However, I am still falling short of my goal. I have now successfully permitted both user groups, using different authentication mechanisms, to access the same networks through the SSL-VPN. But, I want to control their access uniquely. Since they belong to the same SSL-VPN, get dropped into the same zone, etc, I don't see a way to limit their access. I have not yet tried defining users in the security policy rules because one of the goups is for a large group of RADIUS users where I have not previously had to define each user manually in the system and I am hoping to avoid that. Without defining them, it does not appear possible to select a UserProfile in the user column of the security policy. And, I don't even know if it would work. Does the username used to authenticate to the SSL-VPN get passed to the security policy for access verification based on user filtering in the policy? Thanks again for the quick answer...any tips on further controlling access to the different groups of users?
... View more
08-29-2011
03:25 PM
I'm hoping I'm missing something obvious here...is there a good way to support SSL-VPN access for different types of users who require different access and use different authentication schemes? I am trying to setup multiple SSL-VPN tunnel configurations for different types of users. Initially, I was hoping to use a single SSL-VPN configuration and simply differentiate by user. However, it doesn't appear that PAN is setup in this fashion. My goal is to support different users have different authentication schemes and require different access (Employees versus Contractors). So, I set out to create a second SSL-VPN tunnel configuration. Unfortunately, I have hit a problem I don't know how to overcome: * First, I had to create a separate SSL-VPN tunnel to support different authentication profiles (Radius AND LocalDB) as well as to control access differently for each group. * Second, I had to create the new User Profiles * Third, to create a new SSL-VPN tunnel, I have to create a new tunnel interface and associate it with my zone of choice * Fourth (and this is the issue), I had to create a new IP address on my external interface. This is because I can't use the same IP address on the same external interface as is already used in the first SSL-VPN. (This is the selection on the "Choice" option of the "Gateway Address" configuration section in the Add/Edit SSL VPN dialog window). However, this fourth step is not possible (at least in my environment). I can't add a secondary address to the external interface in the same network as the first address (192.168.1.1/24 and 192.168.1.2/24 for example). And, since I don't have another network of addresses to use on the external interface, I am stuck. Any ideas? Thanks!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:06 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks