How to create Portal that allows NetExtender to only one IP?
Running an SMA 410 that currently allows access to our network for our employees with the NetExtender and Virtual Office. We host an application that requires the client to make numerous TCP connections to the server and we need to support other countries to connect to it. I'd like to create a second domain/portal that will only allow NetExtender access to one IP address in our network (instead of the entire network) for those other countries.
Short of purchasing a second device, is it possible (and if so, how)? I can't seem to wrap my head around creating it.
Thanks in advance for any suggestions on how to do this.
BWC Cybersecurity Overlord ✭✭✭
Hi @Craig_S, this can be accomplished with the correct Policies. I always have a Deny ALL Policy with Priority 9999 and give the Users or Groups the needed Access by specific Allow Rules.
IMHO you don't need a 2nd portal. Assign the Deny ALL Rule to the Domain (Group), put your internal Users in one Group 'Internal' and allow the access to the Network with a Policy (Priority 1). Add a 2nd Group "External" to the Domain and allow just the single IP with a Policy (Priority 1).
This should do the trick.
Thanks @BWC, I'll examine the policy route, but because of EPC profiles (particularly making sure the computer is a member of the domain and AV requirements), I think I'm dead in the water pursuing this without turning off EPC.
@Craig_S do you mean that your "External" User should connect without EPC?
Yes, that is correct. The External users would not be subjected to an EPC inspection. Can this be controlled via policy?
EPC is enforced on Global, Group or User-Level. Shouldn't it be fine if you disable EPC on your "External" User or Group? The Policies are just there for restricting access to Resources/Services.
Found it! Thank you, I was looking for EPC usage under the domain/portal and when I couldn't find it, I assumed it was an all or nothing setting. I truly appreciate your help.