bfakhriddi
New Member
August 25, 2021
Question

policy for specific user


Hi, I am trying to set up an IPv4 policy for a specific user with fewer limitations. I created the user from LDAP, and even synced the group from LDAP, but when I try to set that user or group as the source it does not let me Apply; it asks me to add "One address, address group, or Internet service is required" as a source. But my user gets a dynamic IP address by connecting with SSL VPN, and I can't select an IP address for this user. Can anyone advise how this can be set up?

FGT200, version 6.0.10

Thank you

1 reply

ac1
Explorer III
August 26, 2021

In version 6.4.6 you can configure the policy with source network of SSLVPN tunnel and user or group, in destination anyone else. It works.

lobstercreed
New Member
August 27, 2021

As alluded to by ac, you DO have to use a source address.  While the user's IP might be dynamic, I'm sure you can predict the range it will be in, so you can define an address object of the entire DHCP range and use that in the policy.  Then it will match both the address in X range and the user abc.  It will ignore other users in X range because it is AND logic.
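
The policy described in the replies above, written out as FortiOS CLI. This is an added example, not part of the original thread. The address range, the object and policy names, the `port1` destination interface and the group name `LDAP_GROUP_EXAMPLE` are assumptions to replace with your own values; `ssl.root` is the default SSL VPN tunnel interface.

```fortios
# Added example: all names and addresses below are placeholders (assumptions).

# 1. Address object covering the whole range the SSL VPN hands out to clients.
config firewall address
    edit "SSLVPN_RANGE_EXAMPLE"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
end

# 2. Policy that requires BOTH a source address in that range AND membership
#    of the LDAP-backed user group (address AND user, as described above).
config firewall policy
    edit 0
        set name "sslvpn-ldap-group-example"
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "SSLVPN_RANGE_EXAMPLE"
        set groups "LDAP_GROUP_EXAMPLE"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

To match a single user instead of a group, use `set users` in place of `set groups`. Narrow `dstaddr` and `service` to what that user actually needs rather than leaving them at `all`/`ALL`.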