Create policy rules VPN Access for different Geolocations
Ally Member
A client has 2 IPSEC VPN USers: 1 works from Belgium, other 1 from USA
He wants the useraccounts only to work from their own region.
So I create 2 policy rules
WAN → ZyWALL, IPv4 source GEO_BELGIUM, Service IKE and User: belgium ext-group-user(AD User!)
WAN → ZyWALL, IPv4 Source, GEO_USA, Service IKE and User: USA ext-group-User(als AD User)
As soon as I specify the rules on user level, VPN doesn't work anymore. How can I make this split happen? Reason is, we have 10 Belgium VPN users and 1 USA, but we don't want all the accounts to be able to log in from USA to minimize the chanse on account compromising.
All Replies
-
Before the VPN connects from WAN to Zywall the user must be any it is only after the VPN connects that Zywall knows the user to control traffic
0 -
So there is no other option to geofence users?
0 -
No if you want to limit access more you can have the remote ends use DDNS so you can have:
WAN → ZyWALL, IPv4 source DDNS FQDN, Service VPN
0
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.7K Nebula
- 191 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 467 USG FLEX H Series
- 308 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 281 Service & License
- 440 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
