With the current situation in the world, we are relying heavily on VPN connections to our network. I need some way to control access for different users. For example, I want to be able to assign different rules for my IT staff than I do for a regular user. Without being able to assign a group policy to a VPN connection and not being able to assign a static IP address to a system, I have no way of achieving this.
Does anyone have a suggestion for this?
If you use a device for IT staff (say a small MX or a Z3) then you can give lots of access to those devices and different access between them if needed. Then you can use the client VPN for normal users. I am testing this right now 😎
Current state of the union when it comes down to user differentiation and access: Zero Trust.
“Just” secure access to your specific application with Multi-factor Authorization like Duo.
When you create the VPN account, connect once as that user (or wait till they have connected once). Once they have connected, apply a group policy with firewall rules. This will then stick every time they connect.
That does not work properly. I tried that. What ends up happening is that, since the group policy cannot attach to a MAC address, the group policy over time gets randomly assigned to different systems. I have a policy for IT staff. There are only three of us. When I go in and look at the client list, that policy is currently assigned to 10 different systems.
Hi @Gordon
I think you can achieve your target with System Manager.
Try it and let me know what you think about it.
Regards,