SSL VPN Users to different Networks

Hello all,

We have now changed internally from a Cisco ASA to a WatchGuard M670 and have unfortunately not yet found a way to redirect different user groups into different networks when they log on via SSL VPN, to separate them from each other. The knots in the head after such a change are probably just the biggest problem, and I would be grateful if someone could show me a solution.

DeejayCa is correct. Are you currently working with a partner, or are you a partner? If you are fighting other issues, I am happy to chat with you. I’ve been using WG for about 18 years. Even so, this forum is a great resource that has some very knowledgeable users.

Could you use AD or RADIUS authentication based on group, and separate them that way? You could use Firebox local groups too, I suppose. You can then use your groups to define policies to allow/deny access to resources. Just put them above the auto-created SSL VPN Users policy that the Firebox makes.

As for dropping them to separate subnets, what’s the advantage other than clarity? I presume you’re trying to control access to resources based on subnet?

DeejayCa, are you using WG SSO? I haven’t used it in a few years, with mixed results. I should roll it out at a 40+ user client. Any tips, suggestions or pitfalls you ran into?