Comments
-
Ok, this is how I got it to work and why it did not work as expected. Why it did not work. under users/groups/sslvpn services group I had my users as members I created 2 new groups and added the sslvpn services to those groups along with the users I wanted as part of those groups It appears that when you vpn in the 2 new…
-
This is strange. the test user is part of a group I pulled them out of and in the new group. When I check the group that I pulled it our of and look at members the test user is not in the group yet when I mouse over as you mentioned they show in the group. I am rebooting the FW to see what happens.
-
Sorry to return to this chat. I created a separate group and restricted the test user to 2 subnets and 1 host. The host is part of a 10.254.x.x/24 subnet. However this test user has access to other devices within that subnet. Not working as expected
-
I confirmed that permissions work from the bottom up not top down. I restricted the group and gave the test user more access. This resolved the issue.
-
Thanks Pocho. I will try what you suggested. I would think this would work in the opposite direction where users of the group get the group access and then restricting more to a specific user but I will see what happens. Thanks