Location Awareness Clarifications

stich86 — Thu, 28 Jan 2021 20:22:56 GMT

Hi all,

I need a clarify on how Location Awareness works with Endpoint Client.

Currently i've an HA Pair of CP that will only server for SSL\IPSec Endpoint (using alwasy-on and machine authentication), so the main goal is to avoid client connection when a laptop will be into our Office.

The first option, to check if a client is connecting to an internal interface, is not feasible because as i've said this cluster it's on our DC and cannot be reached to a private interface from the office, but just over a site-to-site VPN. Third option of DC also is not a good solution because we are passing all Active Directory stuff over VPN. So i've configured the second option, added our office and DC subnet to internals network (and also specified our Wifi SSID).

Because we are still in smart-working (and cannot have access to office), i've setup a new SSID at my home using one of the subnet of internals network specified on SG. Then i've disconnected manually the VPN client (using "trac disconnect"), then connect again but it looks like that the source subnet is not considered as internal but just as external.

Do I need to add also the public IP inside the internals network?

Thanks in advance

Re: Location Awareness Clarifications

PhoneBoy — Mon, 01 Feb 2021 03:21:32 GMT

Is that segment you set up at home also in the RemoteAccess encryption domain?

Re: Location Awareness Clarifications

stich86 — Mon, 01 Feb 2021 07:46:11 GMT

Yes,

One of the subnet is also into RemoteAccess because I need to reach some resources into my office (NAS, DC and other services)

Re: Location Awareness Clarifications

PhoneBoy — Mon, 01 Feb 2021 22:50:08 GMT

A TAC case may be needed here to clarify what's going on.

topic Re: Location Awareness Clarifications in Firewall and Security Management

Location Awareness Clarifications

Re: Location Awareness Clarifications

Re: Location Awareness Clarifications

Re: Location Awareness Clarifications