Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mahipal_Singh
Employee
Employee

SSL VPN user binding with MAC Address for Secure Workspace

Hello CheckMates,

I am have a customer who is using SSL VPN (Mobile Access Blade) solution with Secure Workspace functionality for external 3rd party vendor users (Around 20K users), now customer is asking for device binding with user for restricting the access for designated users to avoid misuse of their data. (It is basically a Bank and having Loan application accessed by their 3rd party loan distributor or retailer and they are keeping their data safe using  secure workspace but due to flexibility of login from anywhere users can login from any machine and leak the data to competitors)

Client machine are mostly Windows 7, 8. 10 desktop & laptops. 

Customer is looking for user binding with MAC Address to restrict the access from allowed/designated  machines only.

Regards,

Mahi

4 Replies
PhoneBoy
Admin
Admin

You could configure ESOD to ensure the machine people are connecting to meets some basic set of requirements.

I suppose that could include MAC address, but with 20k+ users, managing that could be a nightmare.

Mapping a specific user to a specific MAC would be an even bigger nightmare.

Another option would be to restrict access to the MAB portal to only come from specific IP addresses.

0 Kudos
Mahipal_Singh
Employee
Employee

can you have explain how we can bind MAC or IP address. Is there detail document for ESOD configuration.

0 Kudos
PhoneBoy
Admin
Admin

A simple Access Policy rule (in the firewall) should be able to limit access to the MAB portal from unauthorized IP addresses.

The MAC address is in the Windows registry (assuming these are Windows machines) and it would be somewhere under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} (Depending on the adapter).

0 Kudos
Mahipal_Singh
Employee
Employee

Ip addresses are public IPs and not fixed hence not applicable and in ESOD we can not apply more than 1 profile which have OR condition applied on that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events