Can anyone help / walk me through this. If you have a SA 700 and want only computers that our part of our domain to be able to access the VPN site (I.E. Do not want people to use their home computers) , what are some options or best practices for accomplishing this?
That looks like what I needed....I do have one more question. A few people VPN with a IPAD, can I assign that policy to a specific realm that will not affect IPDAD users?
Couple of ways you can do this.
You should be able to accomplish this via a custom expression in the role mapping (using user agent variable along with name of your host checker policy)
Alternately, assuming you have a separate role for your iOS users, you can add a user agent string restriction there as well.
Hopefully this helps.
an easier option would be to make ipad users visit https://vpnurl/mobile sign in URL mapped to a REALM created for mobile IOS/IPAD users if feasbile.
Here we use vpn.domain.com for desktops with hostcheck and vpn.domain.com/ipad with no hostcheck (cause mobile devices don't support it) so we use browser restrictions on the /ipad url so desktop don't try and sneak in that route.