MicroNugget: How to Control Connection Profiles with Clientless SSL VPNs

In this video, Keith Barker covers controlling policy and connection profiles with clientless SSL VPNs. Many things can cause the wrong connection profile to be used, and obviously it's a big problem when users get too much or too little access. Prevent that with these tips.

When a user connects to an internal network by way of an ASA, the ASA associates the user with a connection profile. The ASA makes that determination based on the URL the user connected from, or the ASA might offer the user a dropdown menu — a bad solution because the user can easily choose the wrong connection profile but still authenticate.

Whatever the reason, once a user is connected and authenticated with the wrong profile, they'll receive the policies for that profile. But the most likely outcome is that user gets the most general policies, since the appropriate group policies have been missed and also aren't being inherited. Keith shows how to keep users and groups correctly matched and demonstrates preventative steps for keeping policies applied to the right users.

Start learning with CBT Nuggets: