Hi!

We have a locally managed Connectra R66.1 integrated with MS AD (i.e. all users are External).

Our workers sometimes visit our business partners and connect to the Connectra from their LANs. We want to allow different applications and different Endpoint Compliance/Secure Workspace policies depending on the location (source IP address) from which our users connect. For example, 3 types of location: Trusted Partners, Untrusted Partners, Internet. For users connected from Trusted Partners' LANs we want to allow all applications; from Untrusted Partners' LANs, a set of applications in Secure Workspace; from the Internet, another set of applications in optional Secure Workspace.

The question is how to do it for External users. I don't understand why, but the parameters on the Location tab in User Properties mean absolutely nothing for Connectra.

SCREENSHOT: http://ipicture.ru/uploads/100715/9N62TeoMo4.png

Despite the fact that I limit the allowed source range, an internal user is able to connect and authenticate from anywhere :(

I tried the following methods but they didn't work:

- set the source range in the Location tab of User Template Properties, then associated the Template with the LDAP Account Unit at the Authentication tab:
  SCREENSHOT: http://ipicture.ru/uploads/100715/2lb6CEbIAD.png
- using RADIUS authentication (IAS + AD). I examined the RADIUS queries, but found only Connectra's own IP address in all IP-related records (NAS-IP-Address [code 4], Client-IP-Address [code 4108])

Can anybody offer a solution?

Regards,
Konstantin
