My clients connect with Net Extender and they have access to all my network but I want to restrict

Description

My clients connect with NetExtender and have access to my entire network, but I want to restrict their access to only one or a few servers, and only on specific ports.

Resolution

 

Scenario:

My clients connect with NetExtender and have access to my entire network, but I want to restrict their access to only one or a few servers, and only on specific ports.

Procedure:

When you configure the client routes, you can only give access to ranges, networks or hosts. There is nowhere to specify the ports that you want to open for your SSL VPN clients.

You need to go to Access Rules (SSL VPN > and there deny access to the whole network for any service, then create one or more new rules to allow access as desired.

Please check the following example: here we deny access to the whole network and allow HTTP access to one server. Pay attention to the priority of the rules.

We need to create an “Any, Any, Any, DENY” rule so the third rule (created by default and non-modifiable) has no effect.

Now the clients have access only to the IP defined in "Mi ip privada", and only on port 80.
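The effect of rule priority described above can be checked with a small first-match model. This is an added example, not SonicWall code or configuration: it assumes rules are evaluated in priority order with the first match deciding, that the default third rule is an Any/Any/Any allow, and it uses the constructed address 192.168.1.10 in place of "Mi ip privada" (the source is omitted because all traffic comes from the SSL VPN clients).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    dest: str       # destination CIDR, or "any"
    port: object    # destination port (int), or "any"
    action: str     # "allow" or "deny"
    name: str

    def matches(self, ip, port):
        ip_ok = self.dest == "any" or (
            ipaddress.ip_address(ip) in ipaddress.ip_network(self.dest))
        return ip_ok and self.port in ("any", port)

def evaluate(rules, ip, port):
    """Return (action, rule name) for the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(ip, port):
            return rule.action, rule.name
    return "deny", "implicit"

def shadowed(rules):
    """Names of rules that can never match because an any/any rule precedes them."""
    names, covered = [], False
    for rule in sorted(rules, key=lambda r: r.priority):
        if covered:
            names.append(rule.name)
        elif rule.dest == "any" and rule.port == "any":
            covered = True
    return names

# Constructed address: 192.168.1.10 stands in for "Mi ip privada".
ALLOW = Rule(1, "192.168.1.10/32", 80, "allow", "allow-http")
DENY = Rule(2, "any", "any", "deny", "deny-all")
DEFAULT = Rule(3, "any", "any", "allow", "default")  # assumed default rule
CORRECT = [ALLOW, DENY, DEFAULT]
WITHOUT_DENY = [ALLOW, DEFAULT]
# Same rules with the deny placed above the allow.
MISORDERED = [Rule(1, "any", "any", "deny", "deny-all"),
              Rule(2, "192.168.1.10/32", 80, "allow", "allow-http"), DEFAULT]

if __name__ == "__main__":
    for ip, port in [("192.168.1.10", 80), ("192.168.1.10", 443), ("192.168.1.20", 80)]:
        print(ip, port, evaluate(CORRECT, ip, port), evaluate(MISORDERED, ip, port))
    print("shadowed:", shadowed(CORRECT), shadowed(MISORDERED))
```

In the correct order only the default rule is shadowed, which is the intended result; if the deny rule sits above the allow rule, the allow rule is shadowed too and the clients lose access to the server.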

 
