Multiple SSL VPN's
I would like the ability to either create multiple SSL VPN configurations, or allow the advanced settings to be modified per SSL Group.
My issue is I have several users that need to use the VPN to login and clock in and out each day. I can make this work by forcing all traffic thru the VPN.
However IT does not need to have this ability forced on them, or they need access to different network resources than a regular user does,
I hope this makes sense.
0
Sign In to comment.
Comments
You can have a group only for your your IT people who use SSLVPN, and have that group name on the From: of desired policies.
The IT people also need to be members of the SSLVPN-Users group.
Hi @HRoberts
This is a global setting, the best compromise I can suggest would be to use custom routes and include the IPs for the timeclock software you're using, which will force traffic to that service across the tunnel.
Another solution would be to use a different VPN service for IT, such as IKEv2, and set that service up to be a split tunnel.
The underlying service that runs SSLVPN (OpenVPN) doesn't support running the tunnels both ways on the same server, so adding an option like this is unlikely.
-James Carson
WatchGuard Customer Support
Hi I know this is an old post but has there been any change on this? I have a customer that needs multiple SSL vpn profiles for different user access level.
How about the use of different user IDs for the different access needs?
Hi @Dinos
You can disable the default Allow-SSLVPN_Users policy and create your own for specific groups. If you need two groups of users to be able to access different items, I would suggest doing that.
See:
(About Mobile VPN with SSL Policies)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_policies.html
(Control user access permissions over Mobile VPN with SSL)
https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA2F00000000Kv7KAE&type=KBArticle
-James Carson
WatchGuard Customer Support