I need my client VPN to support different vlans based upon authentication to either Microsoft NPS or LDAP groups. I want a different vlan/IP assigned to the user depending on which group in Active Directory they are in. Is this configuration possible without purchasing Panorama? Thanks!
I'm trying to consolidate multiple Layer3 interfaces into a single Layer3 interface using subinterfaces and VLAN tagging, but it's not working. I'm hoping someone can point out the error in my configuration.

The current working configuration:

FIREWALL
ethernet1/2 - 192.168.102.254, untagged, zone 102
ethernet1/3 - 192.168.103.254, untagged, zone 103
ethernet1/4 - 192.168.104.254, untagged, zone 104
ethernet1/5 - 192.168.105.254, untagged, zone 105
VirtualRouter1 - ethernet1/2, ethernet1/3, ethernet1/4, ethernet1/5
SecurityPolicy - rules in place that allow communication between zones.

SWITCH
port2 - access port, vlan 102 <-> ethernet1/2
port3 - access port, vlan 103 <-> ethernet1/3
port4 - access port, vlan 104 <-> ethernet1/4
port5 - access port, vlan 105 <-> ethernet1/5

I attempted the configuration below but after the commit nothing could be accessed through the firewall.

FIREWALL
ethernet1/2 - no IP address, no zone
ethernet1/3 - no IP address, Layer3
ethernet1/3.102 - 192.168.102.254/24, tagged 102, zone 102.
ethernet1/3.103 - 192.168.103.254/24, tagged 103, zone 103.
ethernet1/3.104 - 192.168.104.254/24, tagged 104, zone 104.
ethernet1/3.105 - 192.168.105.254/24, tagged 105, zone 105.
ethernet1/4 - no IP address, no zone
ethernet1/5 - no IP address, no zone
VirtualRouter1 - ethernet1/2, ethernet1/3, ethernet1/4, ethernet1/5, ethernet1/3.102, ethernet1/3.103, ethernet1/3.104, ethernet1/3.105
SecurityPolicy - same zone rules in place from working configuration.

SWITCH
port2 - shutdown
port3 - tagged vlans 102, 103, 104, 105
port4 - shutdown
port5 - shutdown