1. You can do this for an admin user from AD, as you can mention the source user as well as the source ip-address in the same security policy which I mentioned in my previous update.

   Here are the requirements for it:
   - User identification needs to be enabled on the untrust interface.
   - AD needs to have the mapping of the public ip-address and the user, so that the firewall can poll that information and map it to the security policy.

   There can be some drawbacks too:
   - The firewall will try to talk to AD to resolve a name for any public ip-address coming in on the untrust interface. This will be very process intensive and can also have a lot of system logs of failed attempts.

2. The firewall might not map a local admin user and its ip-address for access to the firewall itself. This can be a feature request which can be discussed with your account/sales team.