This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
Mahipal_Singh
Employee+
Employee+
‎2018-10-21 11:45 PM

SSL VPN user binding with MAC Address for Secure Workspace

Hello CheckMates,

I am have a customer who is using SSL VPN (Mobile Access Blade) solution with Secure Workspace functionality for external 3rd party vendor users (Around 20K users), now customer is asking for device binding with user for restricting the access for designated users to avoid misuse of their data. (It is basically a Bank and having Loan application accessed by their 3rd party loan distributor or retailer and they are keeping their data safe using  secure workspace but due to flexibility of login from anywhere users can login from any machine and leak the data to competitors)

Client machine are mostly Windows 7, 8. 10 desktop & laptops. 

Customer is looking for user binding with MAC Address to restrict the access from allowed/designated  machines only.

Regards,

Mahi

4 Replies
Highlighted
PhoneBoy
Admin
Admin
‎2018-10-22 02:56 PM

You could configure ESOD to ensure the machine people are connecting to meets some basic set of requirements.

I suppose that could include MAC address, but with 20k+ users, managing that could be a nightmare.

Mapping a specific user to a specific MAC would be an even bigger nightmare.

Another option would be to restrict access to the MAB portal to only come from specific IP addresses.

0 Kudos
Highlighted
Mahipal_Singh
Employee+
Employee+
‎2018-10-23 12:12 AM

can you have explain how we can bind MAC or IP address. Is there detail document for ESOD configuration.

0 Kudos
Highlighted
PhoneBoy
Admin
Admin
‎2018-10-23 06:38 AM

A simple Access Policy rule (in the firewall) should be able to limit access to the MAB portal from unauthorized IP addresses.

The MAC address is in the Windows registry (assuming these are Windows machines) and it would be somewhere under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} (Depending on the adapter).

0 Kudos
Highlighted
Mahipal_Singh
Employee+
Employee+
‎2018-10-23 10:40 AM

Ip addresses are public IPs and not fixed hence not applicable and in ESOD we can not apply more than 1 profile which have OR condition applied on that.

0 Kudos