Limit VPN users

Dylan96
Dylan96 Posts: 21  Freshman Member
Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security First Comment Friend Collector
edited July 25 in Nebula

What is the best way to restrict access to a user in VPN to a single VLAN?

I’m using an ATP100 on nebula.

All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    You should be able to do a policy rule for a user from VPN to a VLAN

  • Dylan96
    Dylan96 Posts: 21  Freshman Member
    Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security First Comment Friend Collector

    If I use a security policy, I cannot choose a single VPN user as the source, can i?

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    In stand alone you can.

  • Dylan96
    Dylan96 Posts: 21  Freshman Member
    Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security First Comment Friend Collector

    I imagined that on prem there was this option.... 

    so on nebula i can't do anything?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,494  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Dylan96 ,

    Currently, there is no feature in Nebula's security policy to restrict a VPN user's access to a single VLAN. However, you can achieve this by adding the users you want to restrict into a group, and then assigning that group in the User field within Nebula's security policy.

    *To create a group, navigate to Site-wide > Configure > Firewall > Firewall settings, and set up the group under Authentication Server and External User Group.

    Engage in the Community, become an MVP, and win exclusive prizes!

    https://bit.ly/Community_MVP

  • Dylan96
    Dylan96 Posts: 21  Freshman Member
    Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security First Comment Friend Collector

    thank you judy, but I don't have an authentication server, VPN users currently use nebula cloud authentication…

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,494  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Dylan96 ,

    Currently, according to the specifications, customers need to have an external authentication server to implement this feature on the Nebula.

    Engage in the Community, become an MVP, and win exclusive prizes!

    https://bit.ly/Community_MVP

Nebula Tips & Tricks