Howto - Userbased rules

Last modified on 27 Feb, 2024. Revision 7
User specific rules with Oneconnect
Up to date for
Core 14.00.12
Supported since
Core 13,00,09
Status OK
Author
Tobias Vestin

Prerequisites


  1. Oneconnect server configured
  2. Utilizing Local user database



Creation: Local user database

Head to: System > Device > Users > Local User database

Proceed to create a local user database by giving it a name.

Then head over to Users under the newly created database and add a new user.

In this example we are adding Tiffany.

The important inhere in order to determine rules for Tiffany is the Groups, Tiffany will in this case be apart of permissions1.


Creating: IP4 Address object with groups

If you followed the previous step you should now have the user Tiffany, if the Local user database she belongs to is used in the OneConnect server she is able to login but still don’t have any specific permissions.

To give Tiffany the permissions we need to create an IP4 Address object that search for those groups shes apart of.

Head to: Objects > General > Address Book

Add >IPv4 Address

In this example we are using the address range 0.0.0.0/0, so she may be assigned any address by the OneConnect server, you may also narrow it down to a single ip or the full range of the OneConnect pool.

Head to the next tab: User Authentication

Now give the object the permissions to look for


Creating: Policy using Tiffanys object

You are now able to set policies for Tiffany,

https://docs.clavister.com/repo/cos-core-administration-guide/doc/Rules.html#IP_policies


Related articles

Brian Smart Search (Beta)
15 Jan, 2024 dictionary troubleshoot core stream incontrol incenter oneconnect cloudservice
Configure Clavister OneConnect using deep links
13 Jun, 2022 oneconnect macos ios windows android
Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN
3 Jun, 2022 oneconnect openconnect sslvpn
How to - Configure your On-Prem firewall to work with the Passwordless VPN SASE service
26 Mar, 2024 oneconnect sase cloud
OneTouch profiles statuses and re-enrollments
5 Feb, 2024 oneconnect sase
Configure Clavister OneConnect for macOS, iOS and iPadOS towards NetWall
28 Apr, 2023 openconnect oneconnect macos ios iphone
Configuring public certificates in NetWall firewalls
18 Mar, 2024 core certificate oneconnect ipsec vpn
Is possible to install OneConnect on Windows 7?
28 Feb, 2024 oneconnect windows
Configure the Android OpenConnect client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect android core
Configure Clavister OneConnect for Windows towards Clavister NetWall
29 Oct, 2021 sslvpn openconnect oneconnect windows
Automatic scheduled backup of InControl server database
5 Feb, 2021 incontrol howto backup windows
Lets Encrypt - error 9814 - chain had an expired certs
13 Oct, 2021 oneconnect macos openconnect ios
DNS suffix not working as expected when using split-tunneling on OneConnect (Windows)
9 Feb, 2024 core oneconnect windows splittunneling dns
Certificate update in InControl global domain on certificate that is used on firewall(s)
18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
Where to find logs to the OneConnect client for MacOS
27 Oct, 2022 oneconnect log
Configure Linux OpenConnect towards Clavister NetWall
5 Mar, 2021 sslvpn openconnect oneconnect linux core
Configuring SSL-VPN / OneConnect server on secondary Firewall IP address
8 Apr, 2021 core sslvpn oneconnect interfaces arp
OneConnect VPN certificate not trusted
18 Mar, 2024 onetouch sslvpn oneconnect troubleshoot certificate
Configuring a Captive Portal in cOS Core
12 Apr, 2023 howto core authenticator authentication webauth captive
Using Multicast DNS with cOS Core
24 May, 2021 core howto mdns multicast transparentmode airprint igmp dns
How to perform an offline installation of InControl
26 Jan, 2022 howto incontrol installation
Install OneConnect without Microsoft store
25 Feb, 2022 oneconnect windows howto
Automation of Lets Encrypt certificate updates
23 Jan, 2024 core howto certificate management letsencrypt
Use Roles in Cloud Authentication to limit user access to OneConnect
10 Oct, 2024 sase oneconnect core userauth
How do i set up a OneConnect VPN tunnel in cOS core
23 Aug, 2022 core oneconnect
Changing the certificate used by the OneConnect client/server
28 Nov, 2022 core configuration oneconnect
How to - Activate Passwordless RADIUS Authentication Add-on in Clavister Cloud Services
9 Oct, 2024 oneconnect sase cloud radius
How to adjust RX and TX ring sizes (queue lengths) of Ethernet interfaces
28 Oct, 2020 core howto ethernet packetloss cpu
Windows 10 IKEv2 only proposes Diffie-Hellman group 2, 1024 bit - how do I configure it to use group 14, 2048 bit?
16 Sep, 2020 vpn ipsec ikev2 windows howto dh
Using Clavister OneConnect Classic SSL VPN client towards the OneConnect server
29 Jun, 2021 core oneconnect
Forward traffic to a second ISP using Virtual Routing or Policy Based Routing
16 Oct, 2023 howto core pbr routing netwall isp
Clavister OneConnect server using cOS Core as CA Server
11 May, 2023 oneconnect certificate howto
How to setup a simple cloud-init environment for testing
30 Nov, 2020 howto core cloud-init dhcp
Background apps premission
27 Aug, 2024 oneconnect windows
Configure Clavister OneConnect for Android and ChromeOS towards NetWall
8 Jun, 2022 openconnect oneconnect android
Configure the OpenConnect-GUI client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect macos windows linux core



Tagsoneconnectuserbasedcore