VPN restrictions to domain computers
If you want to check if the computer is a member you can check this post for the use of an AD machine cert or Registry Check object https://devcentral.f5.com/s/question/0D51T00006i7Xzw/is-it-possible-to-have-big-ip-apm-portal-access-to-check-computer-membership . The Windows team can auto-load a reg key or a new machine cert on currently joining computers.
For more info about the inspection:
https://support.f5.com/csp/article/K15302653
If you want to block even domain computers if they try to connect but are not currently logged on to the domain before starting the VPN, without the use of SAML or NTLM auth (I think maybe this is not the case as it is too rare and you only want to check if they are domain computers), you can just block the source IPs that are not in the subnet that is provided by your DHCP/AD server. Maybe you can also block the users by inspecting if a local application like DLP or so on is not working, and this application only works when the computer is in the domain, but better ask the Windows/workstation support team for such options. Maybe the Windows team can add a script to the machines that checks the location awareness log and makes a change on a registry key that F5 checks after that?
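The answer above suggests that the workstation team publish a registry marker that an APM Registry Check can read. The script below is an added example of what such an endpoint-side script could look like; it is not from the DevCentral post, not part of any F5 product, and every key path, domain name and issuer name in it is a hypothetical value chosen for illustration. It records three facts that the post discusses separately (domain joined, domain controller currently reachable, machine certificate present) as DWORD values under one registry key, so the APM policy can compare them.

```powershell
# Added example (not from the DevCentral post): endpoint posture marker for an
# APM Registry Check. Intended to run as SYSTEM from a scheduled task or GPO
# startup script; Test-ComputerSecureChannel needs elevated rights.
# All names below are assumptions for illustration, not real tenant values.

$MarkerPath     = 'HKLM:\SOFTWARE\ExampleOrg\VpnPosture'   # hypothetical key; must match the APM Registry Check
$ExpectedDomain = 'corp.example.com'                        # hypothetical AD domain FQDN
$ExpectedIssuer = 'CN=ExampleOrg Issuing CA'                # hypothetical issuing CA subject

# 1. Is the machine domain-joined, and to the expected domain?
$cs     = Get-CimInstance -ClassName Win32_ComputerSystem
$joined = [bool]($cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain))

# 2. Can the machine currently reach a DC? The secure-channel test fails (or
#    throws) when no domain controller is reachable, which is the "not logged
#    on to the domain before starting the VPN" situation the post mentions.
$dcReachable = $false
if ($joined) {
    try   { $dcReachable = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { $dcReachable = $false }
}

# 3. Is an unexpired machine certificate from the expected CA in the computer store?
$hasMachineCert = [bool](Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$ExpectedIssuer*" -and $_.NotAfter -gt (Get-Date) })

# Publish the results. DWORD 0/1 keeps the APM comparison simple.
if (-not (Test-Path -Path $MarkerPath)) {
    New-Item -Path $MarkerPath -Force | Out-Null
}
New-ItemProperty -Path $MarkerPath -Name 'DomainJoined'  -Value ([int]$joined)         -PropertyType DWord  -Force | Out-Null
New-ItemProperty -Path $MarkerPath -Name 'DcReachable'   -Value ([int]$dcReachable)    -PropertyType DWord  -Force | Out-Null
New-ItemProperty -Path $MarkerPath -Name 'MachineCertOk' -Value ([int]$hasMachineCert) -PropertyType DWord  -Force | Out-Null
New-ItemProperty -Path $MarkerPath -Name 'LastCheck'     -Value (Get-Date -Format o)   -PropertyType String -Force | Out-Null
```

Two design points matter for the F5 side. First, a registry value is only as strong as the ACL on its key: leave the default HKLM permissions in place so that only SYSTEM and local administrators can write it, and treat the value as a hint rather than proof. Second, the machine certificate is the stronger signal because its private key is bound to the device, so an APM policy that requires the certificate check and uses the registry values only for the "domain currently reachable" refinement gives a better result than either check alone. The LastCheck timestamp lets the policy ignore stale markers if the scheduled task has stopped running.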