Create policy rules VPN Access for different Geolocations
Ally Member
A client has 2 IPSEC VPN USers: 1 works from Belgium, other 1 from USA
He wants the useraccounts only to work from their own region.
So I create 2 policy rules
WAN → ZyWALL, IPv4 source GEO_BELGIUM, Service IKE and User: belgium ext-group-user(AD User!)
WAN → ZyWALL, IPv4 Source, GEO_USA, Service IKE and User: USA ext-group-User(als AD User)
As soon as I specify the rules on user level, VPN doesn't work anymore. How can I make this split happen? Reason is, we have 10 Belgium VPN users and 1 USA, but we don't want all the accounts to be able to log in from USA to minimize the chanse on account compromising.
All Replies
-
Before the VPN connects from WAN to Zywall the user must be any it is only after the VPN connects that Zywall knows the user to control traffic
0 -
So there is no other option to geofence users?
0 -
No if you want to limit access more you can have the remote ends use DDNS so you can have:
WAN → ZyWALL, IPv4 source DDNS FQDN, Service VPN
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 293 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 253 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 75 Security Highlight
