I have 3 APM machines geographically located on 3 different continents. All three have the same configuration and the same policy. For the sake of simplicity, we will say that their names are:
I want to understand if there is a way to make the connection in the following configuration:
Step 1 : A user will perform the authentication (including MFA) against the main machine (vpn.mydomain.com)
Step 2: After verification, the user will transferred according to their geographical affiliation (assuming, for example, that I have an AD group that contains all users in the US and another group that contains All users from Europe) to another APM appliance with a token
Step 3: The user will open the VPN's tunnel to the geografic machine after it has already been authenticated on the main machine
Does anyone know a way to make such a connection?
Are they standalone machines or clustered?
If standalone i don't see a build in way. You might be able to build something, but that is going to be tricky.
DNS load balancing for region as the first step and then doing auth only were you end up is probably an easier way to go.