USG FLEX H, SSL VPN and multiple access rules

snowbike
snowbike Posts: 14  Freshman Member
Zyxel Certified Network Administrator - Security First Comment Friend Collector Seventh Anniversary

In the old USG and USG FLEX it was possible to create multiple SSL VPNs with differentiated access, allowing administrators to divide access based on the username that connected with their VPN credentials. Now, with the new USG FLEX H, how can I create connections with differentiated access? The connection client I use is OpenVPN Connect. Thanks.

All Replies

  • PeterUK
    PeterUK Posts: 3,676  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    You should be able to control access per user with firewall rules.

  • snowbike
    snowbike Posts: 14  Freshman Member

    Thanks PeterUK, I will try to understand how.

  • snowbike
    snowbike Posts: 14  Freshman Member

    I'm trying to use firewall rules to make sure that a specific user who logs in to SSL VPN can only see one server inside the structure, but the problem lies in the VPN configuration mode. At that stage I declare what users can reach inside: most can navigate throughout the internal network, but to connect the user mentioned above, I have to add him to the list of users (otherwise, obviously, I receive an authentication error), but in this way the rule indicated in the VPN prevails and the user navigates everywhere. PeterUK, could you give me an example of a configuration of this type? With the old USG it was very simple.

  • PeterUK
    PeterUK Posts: 3,676  Guru Member

    Either you have a rule that allows SSL VPN to everywhere or user control does not work?

    It might be that SSL VPN is simple in FLEX H at this time.

    I will try an SSL VPN setup on my end to control two users that each can only access a given server and let you know.

  • PeterUK
    PeterUK Posts: 3,676  Guru Member

    So with SSLVPN subnet 192.168.51.0/24 and two users UserSSLVPN1 and UserSSLVPN2

    I have two HTTP servers on LAN 192.168.255.193 and 192.168.255.195

    with the following firewall rules

    UserSSLVPN1 can connect to server 192.168.255.193 but not 192.168.255.195

    UserSSLVPN2 can connect to server 192.168.255.195 but not 192.168.255.193

  • snowbike
    snowbike Posts: 14  Freshman Member

    Yes, you were right Peter. By disabling the SSL_VPN to any outgoing rule and setting the specific rule for the user, it works perfectly. Thanks a lot for the support.
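
The outcome of this thread as an added example, not part of the original posts and not Zyxel configuration syntax: a small model of ordered policy rules showing how a broad SSL VPN allow rule shadows the per-user rules, and a check that flags such shadowed rules. It assumes first-match evaluation and an implicit default deny, and it ignores source zones; the rule names are stand-ins, while the users and server addresses are the ones PeterUK tested with.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    user: Optional[str]      # None means "any user"
    dst: str                 # destination network in CIDR form
    action: str              # "allow" or "deny"
    enabled: bool = True

def evaluate(rules, user, dst_ip):
    """Return (action, rule name) of the first enabled rule that matches."""
    for r in rules:
        if not r.enabled:
            continue
        if r.user in (None, user) and ip_address(dst_ip) in ip_network(r.dst):
            return r.action, r.name
    return "deny", "default"   # assumed implicit default deny

def shadowed(rules):
    """Names of enabled rules fully covered by an earlier enabled rule."""
    out = []
    active = [r for r in rules if r.enabled]
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if earlier.user in (None, later.user) and \
               ip_network(later.dst).subnet_of(ip_network(earlier.dst)):
                out.append(later.name)
                break
    return out

# Constructed rule set: names are stand-ins, users and addresses are from the thread.
def build(broad_enabled):
    return [
        Rule("SSL_VPN_to_any", None, "0.0.0.0/0", "allow", enabled=broad_enabled),
        Rule("User1_to_193", "UserSSLVPN1", "192.168.255.193/32", "allow"),
        Rule("User2_to_195", "UserSSLVPN2", "192.168.255.195/32", "allow"),
    ]

if __name__ == "__main__":
    for broad in (True, False):
        rules = build(broad)
        print("broad rule enabled:", broad, "| shadowed:", shadowed(rules))
        for user in ("UserSSLVPN1", "UserSSLVPN2"):
            for dst in ("192.168.255.193", "192.168.255.195"):
                print(f"  {user} -> {dst}: {evaluate(rules, user, dst)}")
```

With the broad rule enabled, both per-user rules are reported as shadowed and every user reaches both servers; with it disabled, each user reaches only the assigned server.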