How to allow user to Remote Desktop to server on their subnet that they are belong to?

Question

I configured the webtop to allow users to enter their Remote Desktop Connection IP address to AWS EC2 instance.  Next, I want to only allow specific groups to have access on their AWS VPC subnet.  We managed multiple AWS VPC for different program groups.&nbsp;
Right now, user can enter IP address for RDP that belong to another program VPC subnet.&nbsp;
For example:
User (from Program1) should only RDP to any servers on their subnet 10.0.1.0/24, but they can still RDP to any servers to another Program subnet.  I need to find a way for Program1 only have RDP access to their subnet 10.0.1.0/24 not other subnet.&nbsp;
I tried using ACLs, but the problem is that Remote Desktop object on F5 is part of ACL and I’m using variable: %{session.logon.last.ipaddress}:3389 which will allow any IP address.  It will never go to the next ACL in order.  See picture:&nbsp;
&nbsp;
Any idea how I can do this?&nbsp;

stanislas_piro2 · Answer

change ACL order to set user-defined ACL before Remote desktop ACL.&nbsp;

Forum Discussion

How to allow user to Remote Desktop to server on their subnet that they are belong to?

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Related Content

Two-Factor Authentication – Remote Desktop Gateway

EC certificate breaks remote desktop

Remote Desktop Protocol (RDP) using an SSL VPN

Hitting the Easy Button: Securing the Remote Desktop on F5 BIG-IP APM

Automated backup F5 configuration to remote server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS