Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
1
Replies

SSL VPN - Control access based on AD group

Go to solution
abimadaro4462
Level 1
Level 1

‎02-15-2021 11:24 AM

Hello,

I've a case where the SSL VPN Firewall needs to be integrated with the AD, based on AD the access should be controlled. The only way that comes into my mind is to configure different group policies and different IP pools for different departments, then apply a VPN filter on each group policy to control what that IP pool can access and what not.

Any other suggestions / best practices?

 

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-15-2021 11:31 AM

@abimadaro4462 

Yes, that'll work fine.

If you used ISE/RADIUS, you could dynamically assign the IP Pool or DHCP scope based on AD group membership, without using multiple group policies. You could also apply a Downloadable ACL (DACL) instead of VPN Filter. Alternatively you could deploy trustsec for segmentation.


HTH

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎02-15-2021 11:31 AM

@abimadaro4462 

Yes, that'll work fine.

If you used ISE/RADIUS, you could dynamically assign the IP Pool or DHCP scope based on AD group membership, without using multiple group policies. You could also apply a Downloadable ACL (DACL) instead of VPN Filter. Alternatively you could deploy trustsec for segmentation.


HTH

0 Helpful
Customers Also Viewed These Support Documents