Restrict internet once logged in through RA or SNX

Blason_R · ‎2021-04-05

Hi Team,

Is there any way to restrict users internet once they logged on to RA vpn or SNX? I know one way is route the entire internet traffic through firewall and no nat rule for Office mode or force fake proxy entry to browsers so that they wont be able to browse the internet.

However it seems those are global settings and I am looking if this can be done for certain users?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

PhoneBoy · ‎2021-04-05

As those are global settings, you can't make them apply to specific users: it's all or nothing.
However, a Desktop Policy (using Endpoint Security VPN or Harmony Endpoint) can block browsing to the Internet on the client without having to route all traffic.

Blason_R · ‎2021-04-05

Thanks for the reply - In this case I would need separate EPM server? or Desktop security policy option checked?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

PhoneBoy · ‎2021-04-05

Either option should work (depends on if you use EPM or not).

the_rock · ‎2021-04-06

I think you could use desktop policy, for sure. But, why not just create RA groups and then set up regular policy rules to restrict access?

Just a thought..

Are you a member of CheckMates?

Restrict internet once logged in through RA or SNX