Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register
Options

NSA 2700: Can specific users be restricted to connect to SSL VPN from a specific public IP?

C_BC_B Newbie ✭
in SSL VPN

In this scenario I have an NSA 2700 with SSL VPN set up to use domain authentication through RADIUS.

Currently "All RADIUS Users" being in the "SSLVPN Services" group means all users can sign in via NetExtender from effectively anywhere.

What I want to do is subject specific users on the domain to only be allowed to connect if they are connecting from a specific public IP. They also need to be able to use the OTP via Email option. Otherwise the rest of the domain users must still be able to connect from anywhere(without OTP via Email.)

Is this specific scenario possible?

Category: SSL VPN
Reply
Tagged:

Answers

  • Options
    MustafaAMustafaA SonicWall Employee

    Hello @C_B

    If I understood your requirement correctly, you can do the first part but not at the same time the second one. You need to configure WAN to WAN Access Rule for the SSLVPN port. You can specify an "allow" rule for the specific public IPs as the source, and this needs to be followed by a deny Access Rule and "any" as the source.

  • Options
    KelvinKelvin Newbie ✭
    edited January 23


Sign In or Register to comment.