- Local User Groups
Hi, I need some tips/recommendations how to control access from remote offices.
Today one main headquarter with all servers behind with two 3200.
20 small remote offices using 730 SMB firewalls with VPN to the 3200.
I want to control so only Windows AD joined computers have full access through the vpn tunnel.
All other devices should have limited access, for example printers, thin clients etc.
I can see 3 different approaches:
1. Control the vpn traffic in the 3200 firewall with user awareness.
2. Control the vpn traffic in the 730 firewalls (I think they also have user awareness with an Active Directory connection)
3. Setup 802.1x wired authentication in all remote switches and control the traffice with different vlans.
What would you do and why?
Ok so If I enable Identity Awareness on the 3200 firewall and configure Active Directory as an Identity source it can control the vpn traffic that is initiated from a domain-joined computer in the remote office?
I thought it only could control traffic initiated from behind the 3200 firewall.
If it is correct then it is a simple good solution.
Do I need Identity Agens on every remote computers or will it work with clientless Activie Directory queries?
Just to expand on this then as you are looking at using Active Directory joined machines then after setting up the IA Collectors then make sure that in the Access Roles that you create that not only do you specify Users but also specify Machines.
The Default Machines setting is Any Machine. If want to enforce AD joined machines then make sure that use the
That way the machine must be part of the group(s) that add so would have to be AD joined.
So would be controlling to users over the VPN to specific resources and would have to be from specific machines.