Create a Post
Showing results for 
Search instead for 
Did you mean: 

Restrict Client2Site VPN User Group to connect from specific public IP addresses


I would like to ask if it is possible to define whether a specific User Group can connect to the Gateway via RAS VPN but only from specific public IP addresses.

I am aware that there are some fields such as "Known Locations" in the User object properties, or "Known networks" in the Access Role Properties, but these  Source Networks/IPs get applied  only after the VPN connection has already been established.


Thank you.

0 Kudos
1 Reply

VPN traffic is generally allowed through implied rules.
Further, even if you can establish a VPN, it doesn't mean the end user is allowed to go anywhere.

If you want to prevent establishment of VPN from certain IPs, you'd have to disable the relevant implied rules.
There isn't a user-specific way to do that.
0 Kudos