How to limit network resources for IKEv2 users?
I've got my mobile VPN working just fine using IKEv2 on my Watchguard T70. I'd like to limit the network resources available to IKEv2 users when they connect but haven't been able to find documentation on this so far.
Does anyone know if this is possible?
Best Answer
Disable the "Allow IKEv2-Users" policy and replace it with any policies that you want to allow the desired access From: specific IKEv2 users or the IKEv2-Users group.
If you have some lower precedence policy which allows access from IKEv2-Users such as From: Any, then you will need to address those too.
More specific requirements get better suggestions sooner ....
In spite of my many years in IT, I still can't read the minds of the ones who post, or for that matter, the one of my wife ;-)
Answers
You can set up Traffic Management actions and apply them to a policy which allows outgoing (Internet) access from the IKEv2-Users group.
Define a Traffic Management Action
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/qos_trafficmanagement/traffic_mgmt_actions_define_11_9_c.html
Thank you for the response Bruce!
When I mentioned "network resources" I wasn't referencing bandwidth, but specific IPs on my LAN. For instance, how would I be able to limit a connected IKEv2 user to accessing only a single IP or IP range on my LAN?
Thank you again for the tip Bruce. Got it working perfectly now.
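The caveat in the best answer, that other policies such as From: Any may still admit IKEv2-Users after the default policy is disabled, can be checked offline. The sketch below is an added example, not part of the thread and not WatchGuard code: it models a constructed, ordered policy list and assumes first match wins with unmatched traffic denied. The field names, every policy name other than "Allow IKEv2-Users", and all addresses are assumptions.

```python
import ipaddress

# Constructed rule list in precedence order (first match wins). Field names
# are hypothetical; this is a model, not Fireware's configuration format.
POLICIES = [
    {"name": "Allow IKEv2-Users", "enabled": False,
     "src": {"IKEv2-Users"}, "dst": "0.0.0.0/0"},
    {"name": "IKEv2-to-FileServer", "enabled": True,
     "src": {"IKEv2-Users"}, "dst": "10.0.1.20/32"},
    {"name": "Internal-Any", "enabled": True,
     "src": {"Any"}, "dst": "10.0.1.0/24"},
]


def applies(policy, group):
    """An enabled allow policy covers the group if From lists it or Any."""
    return policy["enabled"] and (group in policy["src"] or "Any" in policy["src"])


def decide(policies, group, dst_ip):
    """Name of the first policy allowing group -> dst_ip, or None if denied."""
    ip = ipaddress.ip_address(dst_ip)
    for policy in policies:
        if applies(policy, group) and ip in ipaddress.ip_network(policy["dst"]):
            return policy["name"]
    return None


def overbroad(policies, group, intended):
    """Policies that let the group reach addresses outside the intended networks."""
    allowed = [ipaddress.ip_network(net) for net in intended]
    findings = []
    for policy in policies:
        dst = ipaddress.ip_network(policy["dst"])
        if applies(policy, group) and not any(dst.subnet_of(a) for a in allowed):
            findings.append(policy["name"])
    return findings


if __name__ == "__main__":
    # The VPN group is meant to reach one host only (constructed address).
    print("over-broad policies:", overbroad(POLICIES, "IKEv2-Users", ["10.0.1.20/32"]))
    print("10.0.1.50 allowed by:", decide(POLICIES, "IKEv2-Users", "10.0.1.50"))
```

Here the replacement policy is scoped correctly, but the lower-precedence From: Any policy still lets the VPN group reach the rest of the subnet, which is the case the answer says to address.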