Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ALamers
Explorer

customer want 2 different access per IP for the remote access VPN

Hello

 

Maybe someone have experience with the problem, the same user should have access to different resources behind the firewall based on the VPN remote connection IP, so the user should be able to connect to one public IP on the firewall and have access to one part of the environment and when he connects to another public IP he get access to another part of the environment based on the IP that is assigned to the user, the user should use the same credentials to the authorized.

 

 

(The other issue is that the users may need access to both VPNs, and if they are using the same AD account I cannot see any way of differentiating the two connection other that a different public IP!)

 

I am not even sure that Checkpoint is able to do so, other firewalls are able.

 

Kind regards

 

Andreas

 

 

0 Kudos
1 Reply
RS_Daniel
Collaborator

Hello,

AFAIK it is not possible to assign different permission to users based on the external interface they connect to. We did this with some customer but using two different gateways, each one with its own office mode pool, so the same user would get a different office mode IP depending on which gateway he connects to and creating rules based on IP's and not on access roles, in this case you we needed to assign IP's statically to each user (sk33422).

If gateways are in different sites, you would need to route the vpn client traffic between them to make the resources be available from both gateways. HTH.

Regards

0 Kudos