Security policies created for specific users are not matched by those users when they authenticate via SSL VPN.
In this scenario the SSL VPN configuration itself is already working; the goal is to implement policy filtering based on the authenticated user.
This example takes the scenario above as its reference.
->in this scenario SSL VPN was configured and is working
->the remote users can reach the SSL VPN gateway
->the users have been created
->two users authenticate via SSL VPN
=>differentiated permissions are wanted per user, for example CLIENT1 should have access to the whole internal network and CLIENT2 only to the Server
First Step: create security policies for both users
->for the sake of simplicity, the security policies filter on the User field only; zones are left as any.
Source Zone: any
Destination Zone: any
User: CLIENT1
Action: Permit
=>this policy permits CLIENT1 to access the LAN network
Source Zone: any
Destination Zone: any
Destination Address/Region: 126.96.36.199/32
User: CLIENT2
Action: Permit
=>this policy permits CLIENT2 to access only the server in the LAN
If only this is configured, the policies will not take effect: traffic from CLIENT1 and CLIENT2 will not match them, because the firewall has not yet associated the flows coming from the SSL VPN virtual IP addresses with the users who logged in.
In order to implement differentiated permissions based on the VPN user, after the security policies from the First Step have been configured, an Authentication Policy needs to be configured on the firewall
under Policy ->
Source zone: any
Dest zone: any
Source address: <virtual IP range configured for SSL VPN users>
Destination address: any
The source address must cover the whole virtual IP pool assigned to SSL VPN users; addresses outside it will keep matching the policies without a user identity. Keep the user-based security policies above any broader permit rule, since policies are matched top-down and a wider rule placed first would permit the traffic before the user conditions are evaluated.
After the Authentication Policy has been configured, the firewall attaches the user identity to the VPN flows and applies the security policies created for the users.
->CLIENT1 has access to the whole LAN network
->CLIENT2 has access to the server only, according to its policy
Verification that the configuration is working:
a. Check that the hit counter of the user security policies increments when the users generate traffic
b. Run "display firewall session verbose"; the Username appears in the session entries of the VPN users. If a session from the virtual IP range shows no Username, the Authentication Policy does not cover that source address and the user-based policies cannot match it.
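To make the behaviour described above concrete, here is a small model of first-match policy evaluation, written for this page as an added illustration; it is not Huawei firewall code. It assumes that a rule with a User condition can match only once the firewall has attached a user identity to the flow, and that for SSL VPN traffic this identity is attached only to flows whose source address is covered by an Authentication Policy. The LAN range, server address, virtual IP pool and the online-user table are constructed sample values.

```python
"""Model of how user-based security policies are matched for SSL VPN traffic.

Constructed illustration, not Huawei firewall code. Assumption: a rule with a
user condition can match only once the firewall has attached a user identity
to the flow, and for SSL VPN traffic that identity is attached only to flows
covered by an authentication policy on the virtual IP range.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    user: Optional[str]   # None means "any user"
    dst: Optional[str]    # CIDR, None means "any destination"
    action: str           # "permit" or "deny"

    def matches(self, user: Optional[str], dst_ip: str) -> bool:
        """A user-scoped rule never matches a flow that carries no identity."""
        if self.user is not None and user != self.user:
            return False
        if self.dst is not None and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        return True


# Hypothetical addressing: LAN 192.168.1.0/24, server 192.168.1.10, VPN pool 10.10.10.0/24.
LAN = "192.168.1.0/24"
SERVER = "192.168.1.10/32"
VPN_POOL = ip_network("10.10.10.0/24")

# The two user-based rules from the First Step, followed by the implicit default deny.
POLICIES = (
    Rule("client1_to_lan", user="client1", dst=LAN, action="permit"),
    Rule("client2_to_server", user="client2", dst=SERVER, action="permit"),
    Rule("default", user=None, dst=None, action="deny"),
)

# Online-user table as populated by the SSL VPN logins (constructed sample).
ONLINE_USERS: Dict[str, str] = {"10.10.10.2": "client1", "10.10.10.3": "client2"}


def user_for_flow(src_ip: str, auth_policy_ranges: Iterable[IPv4Network]) -> Optional[str]:
    """Return the user attached to a flow, or None if no identity is attached.

    Modelled behaviour: only flows whose source falls inside a range covered by
    an authentication policy are looked up in the online-user table.
    """
    if not any(ip_address(src_ip) in net for net in auth_policy_ranges):
        return None
    return ONLINE_USERS.get(src_ip)


def evaluate(src_ip: str, dst_ip: str, auth_policy_ranges: Iterable[IPv4Network]) -> Tuple[str, str]:
    """First-match policy lookup; returns (rule name, action)."""
    ranges = list(auth_policy_ranges)
    user = user_for_flow(src_ip, ranges)
    for rule in POLICIES:
        if rule.matches(user, dst_ip):
            return rule.name, rule.action
    return "none", "deny"


if __name__ == "__main__":
    flows = (("10.10.10.2", "192.168.1.20"),   # client1 to an arbitrary LAN host
             ("10.10.10.3", "192.168.1.10"),   # client2 to the server
             ("10.10.10.3", "192.168.1.20"))   # client2 to another LAN host
    for ranges, label in (([], "without authentication policy"),
                          ([VPN_POOL], "with authentication policy on the VPN pool")):
        print(label)
        for src, dst in flows:
            print(f"  {src} -> {dst}: {evaluate(src, dst, ranges)}")
```

Without an authentication policy every flow carries no user, so both user-scoped rules are skipped and everything falls through to the default deny; once the VPN pool is covered, CLIENT1 reaches the LAN, CLIENT2 reaches only the server, and CLIENT2's attempt on another LAN host is still denied.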