Block SSL VPN access by device
Hi,
Is there a way to block access to the SSL VPN by device?
Let's say user1 has a desktop in a remote office and a desktop at home. I want to allow the desktop in the remote office access and block access to the desktop in their home. I thought about blocking by IP address but both locations have dynamic IP addresses from the ISP. I looked into blocking by the mac address of the device but it doesn't look like the SSL VPN uses the mac address for connectivity.
Thanks in advance.
Best Answer
-
TKWITS Community Legend ✭✭✭✭✭
These types of restrictions are not available for SSLVPN clients.
I suppose you could try a restriction like this with an overly complicated setup of DynamicDNS hosts and GeoIP filtering, but I doubt it would be worth the hassle.
0
Answers
Hi @NTI,
Thank you for visiting SonicWall Community.
It looks like you are trying to block remote access to computer on the local network where the SSLVPN user physically resides and allow remote access to the office computer when SSLVPN connection is in place.
I'm afraid this may not be feasible with SSLVPN feature on the firewall. This is because, the SSLVPN access creates a new adapter on the client PC and you have the LAN adapter or WiFi adapter already enabled on the client PC. SonicWall won't have control over blocking the LAN or WiFi adapter on the client PC.
What could be done with SonicWall is, client PC's Internet traffic and VPN traffic can be passed via the SonicWall instead using the client PC's local Internet connection.
Let me know if this suits your requirement anywhere.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Sorry for the misunderstanding. Both computers are remote. Both computers are using the same username for the SSL VPN. I want to allow remote ComputerA access to the SSL VPN while restricting remote ComputerB from accessing the SSL VPN.
Thanks
Thanks for the information. I agree setting up DynamicDNS and GEO-IP filtering would not be worth the work
Hi @NTI,
I assume both the Computers are from different locations. If yes, possibly creating a DYNDNS on the Computer B location and blocking the same in the SonicWall WAN to WAN access rule for the SSLVPN service. Thereby we allow only the required IP's or domain names to connect to the SSLVPN on the firewall.
There is one more suggestion, since both the computers are using same username while authenticating to SSLVPN there is something called Login Uniqueness and this can be used to prevent the same user name from being used to log into the network from more than one location at a time. This setting applies to both local users and RADIUS/LDAP users.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services