Moving from workstations to Laptop on Domain

We currently have workstations in the office. For remote work we use a laptop as a tool to VPN and RDP to the workstations. We want the laptops to be on the domain rather than using them to RDP.

Now, to have this feature working, how should the rules be configured? Currently, the rules to access servers are configured IP-based. Once the laptops move to the domain, every time a user connects to the VPN they will get a new Office Mode IP. We don't have the Identity Awareness blade enabled.

I also have a doubt: do we need an additional server other than the management server for SmartEndpoint?

Please help me.

1 Reply
Admin

SmartEndpoint isn't required here at all, but enabling Identity Awareness will definitely be a good idea.
You could actually create two different Access Roles here:

  1. One that just specifies the relevant networks/hosts (optionally tie it to specific AD groups)
  2. Another that is Remote Access users

Make sure Remote Access is a valid identity source in the gateway/cluster object.

Note the reason I am suggesting an Access Role for the networks versus just using the network objects is because you generally can't mix regular network objects and access roles in the source/destination field of a rule.
Believe this limitation is removed in R80.40.
