Mike Smithson Posted February 8, 2023 Share Posted February 8, 2023 An alternative is to stand up an additional Access Gateway vServer for trusted networks users, controlling access by IP address using a responder policy. However we are trying to get away from having multiple URL's for end users to remember. Link to comment Share on other sites More sharing options...
Chris Chau Posted February 9, 2023 Share Posted February 9, 2023 Yes. By using nFactor Auth approach, you may setup a Factor, with No-Auth policy, to distinguish the client source IP and see whether it is within a defined internal subnet. If yes, will go to the next Auth Factor directly. If no, will go to an EPA Factor, and then to the Auth Factor.Using the nFactor Visualizer to configure will be easier for you to track the flow. Link to comment Share on other sites More sharing options...
Mike Smithson Posted February 9, 2023 Author Share Posted February 9, 2023 Many thanks Chris for the info, If I understand that correctly - Create a no auth policy as your first factor, within that auth policy check for client source IP --> if IP is trusted go to next factor login --> if no go to EPA factor and carry on to auth factor. Link to comment Share on other sites More sharing options...
Chris Chau Posted February 11, 2023 Share Posted February 11, 2023 Yes, something like that: And in the first Trusted-IP factor, the trusted-ip-pol policy is like that: The Other-IP policy is like that: You may try other combinations and alternatives going on and on. Good luck~! Link to comment Share on other sites More sharing options...
Mike Smithson Posted February 11, 2023 Author Share Posted February 11, 2023 That's great Chris. Many thanks for taking the time to put the visual explanation together. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now