Static IP assignation for SSL VPN clients

KNowak · September 3

Hello.

How to assign specific static IP adrress for SSL VPN clients, for example based on username/password? I have Split Tunnel configuration with two local networks and one client network pool. I would like to assign static IP for every VPN client so it will help me to analyze Security Reports and identify problematic clients. When IP is constantly changing it is very hard to track such client.

PeterUK · September 3

There is no way to do this currently from the UI that I can see.

You would likely have to do this at the client side

Zyxel_Melen · September 4

Hi @KNowak

SSL VPN doesn't support static IP address for specific client/user. Would you like to share your use case for us to evaluate it?

KNowak · September 9

Sure.

Business decided that if remote user is connected to company network, then he is technically 'at work', even when he is using his own PC. Therefore, I decided to filter and log remote users DNS traffic. In SSL VPN configuration, I've pointed Zyxel as only DNS.

When 'Open VPN Connect' client is connoted to company network then my Zyxel becomes primary DNS for this PC. And this is working fine. Great, now I know which remote PC maybe infected or just risky. Here is example screen from weekly Summary Report:

Now I want to identify that user quickly to react for threat... How can I do this?

How to match vpn user with session time, with assigned IP and with security logs? If I will be able to create individual reservation for each user then this task would be simple.

I'm facing simmilar difficulty when in I have two internal DNS servers which are both forwarding queries to Zyxel. In DNS threat view I see my DNS servers as origin of blocked threat and to identify specific PC on local network I need to use packet trace.

Static IP assignation for SSL VPN clients

All Replies

Categories

Security Help Center