hi, it is possible from SSL VPN (watchguard) to use the Firewall policies, I explain I have a user who connects from outside the company but he manages to bypass policies such as adult sites etc.

Thank you


  • Options

    Add desired policies, such as HTTP, HTTPS etc., From: this user or from SSLVPN-Users,
    or add SSLVPN-Users to your existing policies.
    Make sure that these policies are above the automatically generated "Allow SSLVPN-Users" policy.

  • Options

    Thank you Bruce !!

  • Options

    Hi, Cristiano,

    We've gone further and disabled the default Allow SSLVPN-User rule. Then I've created groups on the firewall that match groups in AD ( We use AD authentication but you could still use group in Firebox-DB.) I've then setup rules that use these groups to allow only specific access like normal firewall security. These groups are also in the Mobile VPN SSL Configuration under Authentication Tab. For example I've a group to allow RDP to specific desktops..

  • Options

    Great idea !!

  • Options

    I have done the same thing as Dave. When I connect from my laptop via SSLVPN, I have full network access because I work a lot from Starbucks. When my wife connects via SSLVPN from Starbucks, it's just ot have her protected and she gets only Internet access. I have an SSLVPN-Users-Restricted group for her that prevents LAN access. I did that setup after her laptop got infected from a bad web site while at Starbucks.

    Gregg Hill

Sign In to comment.