VPN User allow only one or some IP

Hello.

I've created an SSL Ovpn tunnel to access the firebox and LAN subnet.
I've created two users: user1 and user2.
I want User1 to have permission to access ALL of the firebox subnet and User2 to have permission to access only one IP (example 192.168.1.25/24), with the rest of the subnet dropped.

I've created an alias (firewall-aliases) for User2 and have created two rules in the firewall policy, one to allow 192.168.1.25/24 and, next in order, one to drop all of 192.168.1./24, but it doesn't work.

I didn't disable the custom allow SSLVPN-User any to any.

Any suggestions?

Thanks

Comments

  • james.carson Moderator, WatchGuard Representative

    You need to disable the default SSLVPN rule and create your own access policies. The default rule will allow anyone that can authenticate to access anything.

    I would suggest creating the policies via groups instead of usernames (even if there is only one user in the group.) The firebox will interpret User, user, and USER as three separate usernames. The user's group will always return the same way.

    -James Carson
    WatchGuard Customer Support
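
A simplified first-match model of the behaviour described in the answer above, added here as an example (it is not WatchGuard code or Firebox configuration syntax). The rule order, the implicit deny at the end, the /32 host entry, and the group names VPN-Restricted and VPN-Full are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Session:
    username: str       # exactly as typed at login
    groups: frozenset   # group names returned by the auth server

@dataclass
class Policy:
    name: str
    subject: tuple      # ("user", name) or ("group", name)
    dest: str           # destination in CIDR form
    action: str         # "allow" or "deny"
    enabled: bool = True

    def matches(self, session, dst_ip):
        kind, name = self.subject
        # Usernames are compared case-sensitively, as the answer describes.
        who = session.username == name if kind == "user" else name in session.groups
        in_dest = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)
        return self.enabled and who and in_dest

def decide(policies, session, dst_ip):
    """Return (action, policy name) of the first enabled policy that matches."""
    for p in policies:
        if p.matches(session, dst_ip):
            return p.action, p.name
    return "deny", "implicit-deny"   # assumption: unmatched traffic is dropped

# Constructed session: the user logs in as "user2" (lower case).
login = Session("user2", frozenset({"SSLVPN-Users", "VPN-Restricted"}))

# Setup as in the question: per-user rules written for "User2",
# default any-to-any SSLVPN rule still enabled.
as_posted = [
    Policy("user2-allow-host", ("user", "User2"), "192.168.1.25/32", "allow"),
    Policy("user2-deny-lan", ("user", "User2"), "192.168.1.0/24", "deny"),
    Policy("Allow SSLVPN-Users", ("group", "SSLVPN-Users"), "0.0.0.0/0", "allow"),
]

# Setup as suggested: group-based policies, default rule disabled.
group_based = [
    Policy("restricted-allow-host", ("group", "VPN-Restricted"), "192.168.1.25/32", "allow"),
    Policy("full-allow-lan", ("group", "VPN-Full"), "192.168.1.0/24", "allow"),
    Policy("Allow SSLVPN-Users", ("group", "SSLVPN-Users"), "0.0.0.0/0", "allow", enabled=False),
]

if __name__ == "__main__":
    for label, rules in (("as posted", as_posted), ("group based", group_based)):
        for dst in ("192.168.1.25", "192.168.1.30"):
            print(label, dst, decide(rules, login, dst))
```

In the first rule set the per-user rules never match the lower-case login, so every destination falls through to the default allow; in the second, only 192.168.1.25 is reachable for the restricted group.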
