Creating a UserVPN Profile
When you use a VPN (Virtual Private Network), a user is dynamically assigned a virtual IP address when connected to a gateway. You can define resource-access policies based on the users. For example, you can have one policy for all users and then give different policies to different departments and business groups.
The profile-based security policy lets you define security rules for a target address, protocol, and port. The default rule for a profile is set to deny all or allow all when the profile is created. This allows flexible firewall rules based on the user rather than on a source IP address.
The security policy is dynamically pushed to the landing VPN gateway when a VPN user connects. It is only active when a VPN user is connected. When a VPN user disconnects, the security policy is deleted from the VPN gateway.
To create a VPN Profile:
- Go to Aviatrix CoPilot > CloudFabric > UserVPN > select the Profiles tab.
- Click + Profile.
- Enter the following information:
  Name: Enter a name for the profile.
  Base Policy: Select one of the following:
    - Allow All: Select this option to enable access to all CIDRs except the ones you specify in the table below.
    - Deny All: Select this option to disable access to all CIDRs except the ones you specify below.
  + Deny Rule or + Allow Rule:
    - If you selected Allow All above, click + Deny Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile.
    - If you selected Deny All above, click + Allow Rule and enter the Target CIDR, protocol, and port to allow for this VPN profile.
    - For simplicity, Allow Rules are not permitted if you select Allow All, and Deny Rules are not permitted if you select Deny All.
    - CoPilot does not allow the use of a hostname, such as www.example.com, in place of a CIDR range when adding policy rules.
  User: To assign a user to this profile, enter the user's name and press Enter.
- Click Save.
The VPN profile is saved.