Pulse 8.2 - configure limited VPN tunnel access fr...

mparkinson · ‎06-14-2016

Hi All,

I'm wondering if it's possible to configure the PS environment to allow full VPN tunnel access if the users are connecting from their corporate PC's and laptops but only allow limited VPN tunnel access (i.e. RDP via either VPN tunnel or resource profile) if they are connecting from other unknown PC's and laptops?

Is this simple/possible to configure?

Thank you

zanyterp · ‎06-14-2016

Yes, it can be done.
You need two roles: one that allows full VPN tunnel access; one that allows only the subnet/ports you define on the VPN ACL and/or bookmarks for RDP
You will create role mapping rules that send users to the different roles based on criteria you determine

mparkinson · ‎06-15-2016

Hi,

Thanks for the reply.

The users authenticate via AD accounts and they will be using the same accounts wherever they go, so I assume the PS device will need to decipher if they are on a "secure" device or not and then assign access accordingly.

I've had a look at host checker but I think that's either just an allow or deny policy right, can you say i.e. if they don't have these mac addresses then only give them limited VPN tunnel access?

Thanks!

Filbert · ‎06-15-2016

If the Corporate PCs are domain members we typically check for the domain membership using registry key values or check for the device certificate if you are provisioning those to domain members. You do that using HostChecker then assign the correct Role based on the Hostchecker result.

Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's

Re: Pulse 8.2 - configure limited VPN tunnel access from non work PC's