ronnie_jorgensen
New Member
August 13, 2021
Question

Are user-based policies on users from SSL VPN possible?


Hi all, I need to allow 3 people access from SSL VPN to a few servers in the DMZ. Are user-based policies possible and, if so, what do I need in order to make that work? We do have RADIUS authentication against Active Directory set up for SSL VPN. We also have an SSL_VPN_USERS user group which has group type firewall and has the RADIUS server as a member. I figured a user-based policy might be better than an IP/computer-based one in case we change device.

    3 replies

    sw2090
    SuperUser
    July 7, 2023

    Hm, since the FGT doesn't know your users, I don't think you can do user-based. But you might be able to use RADIUS groups in policies.

    If anyone knows better, please don't hesitate to correct me though ;)

    adambomb1219
    SuperUser
    July 7, 2023

    Yes, this should work since you are performing active authentication with SSL VPN.

    smayank
    Staff
    July 11, 2023

    Yes, you can achieve the same by configuring the user in the source address and configuring the destination as your DMZ server. Once the user has logged in to SSL VPN, the user will be mapped to an IP, and if a packet comes, the firewall will be able to take action on the basis of the user policy.
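
A sketch of the setup the replies describe, added here as an example and not posted by anyone in the thread: a firewall-type group that matches only one RADIUS-returned group, referenced in a policy from the SSL VPN interface to the DMZ. The object names `AD_RADIUS`, `DMZ_SSLVPN_ADMINS`, `DMZ-Admins`, `DMZ_SERVERS` and the interface `dmz` are assumptions; `ssl.root` and `SSLVPN_TUNNEL_ADDR1` are the FortiOS defaults for the root VDOM.

```fortios
# Assumption: the RADIUS server (e.g. NPS in front of AD) returns the
# Fortinet-Group-Name attribute with the value "DMZ-Admins" for the
# three users who need DMZ access.
config user group
    edit "DMZ_SSLVPN_ADMINS"
        set group-type firewall
        set member "AD_RADIUS"
        config match
            edit 1
                set server-name "AD_RADIUS"
                set group-name "DMZ-Admins"
            next
        end
    next
end

# Identity-based policy: the source must match both the tunnel address
# pool and the authenticated group, so access follows the user and not
# the device they connect from.
config firewall policy
    edit 0
        set name "sslvpn-dmz-admins"
        set srcintf "ssl.root"
        set dstintf "dmz"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "DMZ_SERVERS"
        set groups "DMZ_SSLVPN_ADMINS"
        set action accept
        set schedule "always"
        set service "RDP" "SSH"
        set logtraffic all
    next
end
```

Any existing policy that already lets the broader SSL_VPN_USERS group reach the DMZ would still grant that access to everyone in it, so check that only the narrower group is allowed to those servers. Limit `service` to what the three users actually need; RDP and SSH here are placeholders.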