Channel: Sophos User Bulletin Board

How to block & allow SSL VPN users access based on time periods


I want to limit certain SSL VPN users (members of an AD security group) to certain hours of the day. Do I solve this with web filtering profiles or firewall rules? I have seen this question elsewhere on UTMBB, and the advice assumes you're blocking outbound internal traffic from web surfing during certain time periods. The goal is to block inbound remote access during certain time periods. This configuration was demonstrated to work in this scenario. The need arose in order to restrict VPN usage based on time of day.
How To:
Created three time definitions, NonWork Hrs AM, Work Hrs, and NonWork Hrs PM. Given, 00:00-07:59, 8:00-17:00, and 17:01-23:59.
Created a user group, ADSecurity Group, based on backend membership, and have a network group with dynamic membership containing the IP addresses of the members.
Created three firewall rules:
1) Allow Source AD Security group (their IP address). Any Services. Destination Internal (Network). Time Period, NonWorkHrsAM.
2) Allow Source AD Security group (their IP address). Any Services. Destination Internal (Network). Time Period, NonWorkHrsPM.
3) Block Source AD Security group (their IP address). Any Services. Destination Internal (Network). Time Period, WorkHrs.
Attachment 9463
The intent is that specified members who VPN using Sophos SSL VPN remote access are only allowed to connect during certain time periods and are blocked during others. The secret is that the firewall rules have to be positioned at the top of the rules.
Hope this helps & thanks for any feedback,

Attached Images
File Type: jpg time-period.JPG (9.0 KB)
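
The rule-ordering point in the post above can be checked with a small first-match model. This is an added example, not part of the original post and not Sophos code. The time windows and the three rules come from the post; the `AnyVPNUser` broad allow rule, the default action of "block" for unmatched traffic, and the minute-granularity inclusive matching are assumptions made for the illustration.

```python
from datetime import time

# Time definitions from the post (modelled as inclusive, minute granularity: assumption).
PERIODS = {
    "NonWorkHrsAM": (time(0, 0), time(7, 59)),
    "WorkHrs": (time(8, 0), time(17, 0)),
    "NonWorkHrsPM": (time(17, 1), time(23, 59)),
}

# The three rules from the post, in the order listed: (action, source group, period).
POST_RULES = [
    ("allow", "ADSecurityGroup", "NonWorkHrsAM"),
    ("allow", "ADSecurityGroup", "NonWorkHrsPM"),
    ("block", "ADSecurityGroup", "WorkHrs"),
]

# Hypothetical pre-existing rule (assumption, not from the post):
# every VPN user is allowed, with no time restriction.
BROAD_ALLOW = ("allow", "AnyVPNUser", None)

def matches(rule, groups, now):
    """True if the source group applies to the user and 'now' is inside the rule's period."""
    _, source, period = rule
    if source not in groups:
        return False
    if period is None:
        return True
    start, end = PERIODS[period]
    return start <= now.replace(second=0, microsecond=0) <= end

def decide(rules, groups, now, default="block"):
    """First matching rule wins; unmatched traffic gets the default action (assumed)."""
    for rule in rules:
        if matches(rule, groups, now):
            return rule[0]
    return default

def uncovered_minutes():
    """Minutes of the day that fall inside none of the three time definitions."""
    return [time(h, m) for h in range(24) for m in range(60)
            if not any(s <= time(h, m) <= e for s, e in PERIODS.values())]

if __name__ == "__main__":
    member = {"ADSecurityGroup", "AnyVPNUser"}  # constructed sample user
    print("time rules on top:", decide(POST_RULES + [BROAD_ALLOW], member, time(12, 0)))
    print("broad allow on top:", decide([BROAD_ALLOW] + POST_RULES, member, time(12, 0)))
    print("minutes with no time definition:", len(uncovered_minutes()))
```

With the time-based rules first, a group member is blocked at 12:00; with the broad allow rule first, the block rule is never reached.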
