question about SSL VPN management - improvement and security
scenario:
SonicWALL Firewall
200 SSL VPN licenses
Company PC with NetExtender SSL program installed
Every user connects from home (smart working)
A user connects via RDP to his PC in the office.
A user could connect to any resource on the network, not just his PC.
SSL VPN authenticates users with Windows AD LDAP.
In the Windows domain, authorized users are part of a specific domain group.
The route assigned by the SSL VPN is the entire LAN of the company for everyone.
Can't I put a user-specific SSL-> VPN ACL?
How can I improve and have more security?
Answers
@Alberto,
You can restrict the IP that the end-user can access based on the VPN access section of the user. Since these are LDAP users, you might need to import them to the firewall and then apply those.
Also, the ACL can be used if you would like to further restrict the service like only RDP or SMB for a specific IP address.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
A little more detail than SHIPRASAHU93 provided:
The way I do this is: in the SonicWall Users \ Settings \ LDAP config \ Users & Groups, enable the 'Allow only users listed locally' option. This means you will have to import the users into the SonicWall Users page before they will be able to log in.
In Users \ Local Users & Groups \ Local Groups, add a group with 'members set locally', and under VPN Access set the IP(s) they can access.
Then in Users \ Local Users, click the Import from LDAP button. Import the needed user(s). Then add those users to the local group created above.
The important part is the 'VPN Access' tab. Whether or not you utilize groups to manage these rights is up to personal preference.
Hope that helps.
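An added example, not part of the original replies and not SonicWall code: before typing per-user 'VPN Access' entries into the firewall, a planning sheet can be checked for entries that still hand out the whole LAN or hosts other than the user's own PC. The CSV layout, the addresses and the `audit_plan` name are assumptions made for this sketch.

```python
import csv
import io
import ipaddress

# Constructed sample data (not from the thread): the company LAN and a
# hand-maintained sheet of each user's planned 'VPN Access' entries.
LAN = ipaddress.ip_network("192.168.10.0/24")
SAMPLE_PLAN = """user,office_pc,vpn_access
alice,192.168.10.21,192.168.10.21/32
bob,192.168.10.22,192.168.10.0/24
carol,192.168.10.23,192.168.10.23/32;192.168.10.5/32
dave,192.168.10.24,192.168.10.99/32
"""

def audit_plan(plan_csv, lan=LAN, shared_hosts=()):
    """Return {user: [findings]} for entries that exceed least privilege."""
    allowed_shared = {ipaddress.ip_address(h) for h in shared_hosts}
    report = {}
    for row in csv.DictReader(io.StringIO(plan_csv)):
        pc = ipaddress.ip_address(row["office_pc"])
        findings = []
        covers_pc = False
        for entry in row["vpn_access"].split(";"):
            net = ipaddress.ip_network(entry.strip(), strict=False)
            if pc in net:
                covers_pc = True
            if net.num_addresses > 1:
                # A subnet-wide entry recreates the "entire LAN" route.
                scope = "entire LAN" if lan.subnet_of(net) else "subnet"
                findings.append(f"{net}: {scope}, not a single host")
            elif net.network_address != pc and net.network_address not in allowed_shared:
                findings.append(f"{net}: host is not the user's PC or an approved shared host")
        if not covers_pc:
            findings.append(f"office PC {pc} is not reachable with this plan")
        if findings:
            report[row["user"]] = findings
    return report

if __name__ == "__main__":
    plan = audit_plan(SAMPLE_PLAN, shared_hosts=["192.168.10.5"])
    for user, findings in plan.items():
        for finding in findings:
            print(f"{user}: {finding}")
```

Users with no findings map to exactly one host, their own PC, plus any host explicitly passed in `shared_hosts`.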
Hello @Alberto,
I hope you are well.
Did these replies answer your question? If so, please mark the appropriate response so that others may benefit.
Kind Regards,
@micah - SonicWall's Self-Service Sr. Manager