Re: host check based on machines IP

SeanSwift_ · ‎04-17-2012

Hi

We are wanting to restrict access to our SSL VPN based on the IP address of the machine, if the IP address is not in the private range 192.168.0.0/16, 172.16.0.0/20, 10.0.0.0/8 we want to restrict access. Does anyone know if this is possible or have any ideas on how we could achieve this?

Thanks

Sean

Lilja_ · ‎04-17-2012

Hi,

You have to use role restrictions> source IP..

User Roles>"Role name">General>Restrictions>Source IP

SonicBoom_ · ‎04-17-2012

as lilja said but you may want to get those IP addresses public ip and instead of restricting, you only allow access from those public ip's

SeanSwift_ · ‎04-17-2012

Thanks for the quick response

some more details to my original question

We are wanting to make sure that all our users are using a router and not a direct internet connection, also our mobile provider issues public addresses for 3G connections, we have a private APN and are wanting to make sure people use this rather than the SSL.

Thanks

Sean

SonicBoom_ · ‎04-18-2012

this will be interesting to see the outcome of this, as it seems you are forcing users to purchase a router if they only have a cable modem. I would consider looking at MAC/certificate/username authentication.

zanyterp_ · ‎04-18-2012

you cannot check the physical ip of the system; you can check the MAC addresses of allowed systems or you can restrict the known ips for your private network.

your best bet will be to use a form of certificate verification