Jump to content


Photo

Client to Site VPN Allowed Access Times/Time Limits

NG400 VPN NG Firewall

This topic has been archived. This means that you cannot reply to this topic.
3 replies to this topic

#1 Cory Champney

Cory Champney
  • Members
  • 3 posts

Posted 30 August 2012 - 10:54 AM

How do I set up time ranges that remote users are allowed to VPN in during? Or set up a time limit that will disconnect them when the limit is reached?

My primary goal is to prevent users from connected except for specified time ranges.

#2 Bernhard Patsch

Bernhard Patsch
  • Barracuda Team Members
  • 119 posts

Posted 30 August 2012 - 12:10 PM

Why not use timed firewall objects for preventing any traffic passing through the Firewall?
Fire up NGAdmin, open your Forwarding Firewall ruleset and create a rule similar to the one shown in the attached screenshot.

Some notes:
* time objects are only visible if you enable Object Viewer on the left.
* The context menu in the Object Viewer allows to create and/or modify Time Objects

Matching criteria:
Option A)
* Source Network should be match the Virtual IPs of your VPN clients (as defined in VPN Settings / Client Networks) and leave User object empty
Option B)
* You can also use the predefined User Object "All VPN Users" to make sure that this rule only matches your VPN users.
In my screenshot I mixed A) and B) to make it "super-super secure" ;-)

#3 Bernhard Patsch

Bernhard Patsch
  • Barracuda Team Members
  • 119 posts

Posted 30 August 2012 - 12:17 PM

Sorry, I'm not able to upload screenshots, so I'll describe the workflow instead.

a. Enable the Object viewer checkbox in the "Edit Rule" window on the left
b. add Source network, either option A) or set it to World (option B)
c. Create/modify Service/Destination as needed
d. create a new time object in the Object Viewer (Right mouse button > New Time Object)
e. select the time range when to allow/disallow traffic. Use checkbox Terminate Existing if you want the firewall to terminate existing connections if the time range expires.
f. assign the time object to the Firewall rule. This option is on the bottom of the Rule Edit dialog (left of Authenticated Users)

Benny

#4 Cory Champney

Cory Champney
  • Members
  • 3 posts

Posted 30 August 2012 - 12:17 PM

Thank you. I will take a look into this.