Limit SSL VPN connection from specific adresses

Hi experts,
The request is to discriminate VPN access from the IP originating the connection BUT only for some users groups:
GroupA has host enforcement with TDR and can connect from any ip
Group B does not have host enforcement and can connect the SSL VPN only from some specific public ip.
Is it possible to do so?
Thanks for any help you could give me!


  • Options
    edited October 2021

    Because you want to allow GroupA from any Internet IP addr, I don't see how to do what you want for GroupB.

    The only place I see to could control SSLVPN access via IP addrs is on the WatchGuard SSLVPN policy From: field.
    Specifying specific external IP addrs there and removing Any-external, would prevent GroupA access from any external IP addr.

  • Options

    Depending upon the resources users require, would the Access Portal be a more viable solution than a VPN connection?
    This would eliminate the need to differentiate between computers with TDR and those without.
    If you have licensing for the Access Portal anyhow.

    Just a thought.


    It's usually something simple.

Sign In to comment.