VPN access restrictions configuration
This isn't strictly an SSL VPN question, it is regarding the Global VPN. I found what I want to do here: https://www.sonicwall.com/support/knowledge-base/how-to-restrict-vpn-access-to-gvc-users/170505934482271/#Resolution2
It provides the following options:
- 1. Restrict access to hosts behind SonicWall based on Users.
- 2. Restrict access to a specific service (e.g. Terminal Services) using Access Rules.
- 3. Restrict access to a specific host behind the SonicWall using Access Rules.
What I want to do is a combination of #1 and #2. The article doesn't cover whether or not one of these configurations takes priority over the other or if they can be "combined." Long story short, I want to grant specific users access to specific workstations but I would also like them to be able to query a DNS server on port 53 and nothing else (I don't want to give them full access to the host).
You can probably do all that by editing your VPN to LAN and LAN to VPN access rules on the firewall for that particular VPN policy.
Creating the additional service objects, address objects and user groups may be required before editing the access rules.