Rodrigo_Mezetti
Participant

Do not view LDAP groups

Hey guys

I need to limit user authentication on VPN using Endpoint Security. I even located the "Remote Access" community, and there is "All Users", but there are no LDAP groups for me to do this configuration; only the local group that I created and the local user appear.
In the environment I have several rules that are related to users in the AD, and I came across this situation.

Has anyone ever experienced this?

 

 

0 Kudos
6 Replies
the_rock
Authority

For something like that, use accessroles, not remote access groups.

 

Andy

PhoneBoy
Admin

That doesn’t prevent you from authenticating to the VPN but it can be used to prevent you from going anywhere if you do connect.
Preventing you from authenticating at all using anything other than a locally defined group of locally defined users is an RFE, I believe.

Rodrigo_Mezetti
Participant

I made the configuration by creating a users/LDAP group, indicating the path of the group in Active Directory that has the users inside, and it worked. Now only those who are in this group are authenticated.

 

Thanks

Karan0587
Explorer

Hey Mate,

 

I am trying to do the same; could you please share the config of AD and the access policy as well.

 

Regards

Karan Sharma

0 Kudos
Rodrigo_Mezetti
Participant

Hi man, sorry for my English.

I created an LDAP group, on the right of SmartConsole under Users > LDAP Group. I entered the full path of the OU that has the users who will be able to "authenticate in VPN".
Example (the "dn-prefix" box):
CN=AUTH_VPN - ,OU=Client_vpn,OU=Group,OU=test,DC=testlocal,DC=com,DC=br
which is the path you can take from Active Directory via ADSI Edit.

After that I created the rules in the Firewall/Application access rules blade with the access that each user can have after authenticating, and set VPN (Remote Access).
Some accessing Remote Desktop, others SSH, all under different rules and stating.
Remember to include the group in the VPN domain of the internal servers in the gateway or cluster properties.

0 Kudos
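The step above depends on pasting a correct group DN copied from ADSI Edit. As an added example (not code from this thread or from Check Point), here is a small stdlib-only Python checker that parses an RFC 4514 DN, honours backslash and hex escapes (an unescaped comma inside a CN silently breaks the path), and verifies the leaf RDN is a CN sitting under the expected OU/DC base. The sample DN and base are constructed placeholders, not a real environment.

```python
import re
from typing import List, Tuple

# Constructed sample values (placeholders, not a real domain).
SAMPLE_DN = "CN=AUTH_VPN,OU=Client_vpn,OU=Group,OU=test,DC=testlocal,DC=com,DC=br"
EXPECTED_BASE = "OU=Group,OU=test,DC=testlocal,DC=com,DC=br"


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 DN into (ATTR, value) pairs, leaf first.
    Handles '\\,'-style escapes and '\\2C' hex escapes; multi-valued RDNs ('+')
    are not supported. Surrounding whitespace of each value is trimmed."""
    rdns, attr, buf, i, in_value = [], None, [], 0, False
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            if re.fullmatch(r"[0-9A-Fa-f]{2}", dn[i + 1:i + 3]):
                buf.append(chr(int(dn[i + 1:i + 3], 16)))  # hex escape, e.g. \2C -> ','
                i += 3
            else:
                buf.append(dn[i + 1])  # literal escaped character, e.g. \, -> ','
                i += 2
            continue
        if c == "=" and not in_value:
            attr, buf, in_value = "".join(buf).strip().upper(), [], True
        elif c == "," and in_value:
            rdns.append((attr, "".join(buf).strip()))
            buf, in_value = [], False
        else:
            buf.append(c)
        i += 1
    if not in_value or attr is None or not "".join(buf).strip():
        raise ValueError("malformed DN: missing '=' or empty value")
    rdns.append((attr, "".join(buf).strip()))
    return rdns


def check_group_dn(dn: str, expected_base: str) -> List[str]:
    """Return a list of problems; an empty list means the DN looks usable as a group path."""
    try:
        rdns, base = parse_dn(dn), parse_dn(expected_base)
    except ValueError as e:
        return [str(e)]
    problems = []
    if rdns[0][0] != "CN":
        problems.append(f"leaf RDN is {rdns[0][0]}, expected CN=<group name>")
    norm = lambda pairs: [(a, v.lower()) for a, v in pairs]  # DN values match case-insensitively
    if len(rdns) <= len(base) or norm(rdns[-len(base):]) != norm(base):
        problems.append(f"DN does not sit under the expected base {expected_base}")
    return problems
```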
Karan0587
Explorer

Hi Rodrigo,

 

Thanks for your reply. Authentication is fixed following your method, although I am still confused as to how to restrict the ports on the basis of some security groups only. For example, I am attaching a rule which has access roles in the source (of a security group with RDP access only) and allows TCP port 3389. Is this the way, or do I have to create an inline layer underneath the actual remote access policy? Can you share your config (blur the org details)?

0 Kudos