Description: The customer has deployed the network connector and would like to filter the Groups to access certain resource services (e.g. SSH, FTP, HTTP, HTTPS, RDP, etc.).
Resolution: From your CloudConnexa Portal, go to Networks > Destination Services and create an IP Service, then apply It to the Access Groups in CloudConnexa.
For this example, a User from Group A only has access to Linux and Windows Server Resources via SSH, RDP, FTP, and HTTP and Group B only has access to an Internal Web Server via HTTP.
From your CloudConnexa Portal, go to Networks > select the created Networks > Destination Services > IP Services > Add the New IP Services of your resources.
Next, change the Topology from the default setting Full-Mesh to Custom to use the Access group.
From your CloudConnexa Portal, go to Settings > WPC > Edit > Topology > Custom > Update (see the screenshot below).
After changing the Topology, proceed to configure your Access groups which specify the access relationship between Sources (i.e. Who?) and Destinations (i.e. What?). From your CloudConnexa Portal, go to Access > Groups > Create Access Group > Fill in the 'Access Group Name' > Source: User Groups (ex. Group A) > Destination: select all IP Services created > Create (see the screenshot below).
Do the same process as Step 3 but for different Sources(User Groups: Group B) and Destinations. Select IP Services "Linux_WebServer". (see the screenshot below).
Note: The Default Full Mesh Access Group already exists.
You can delete the default Access group when more than one Access group exists, or after you've created your Access groups. (see screenshot below)
Test the Access Groups from the connected VPN user device.
For this example test the access from Group A & B to the IP Services via telnet, netcat or accessing the services via SSH, RDP, FTP, and HTTP from their machines and verify If you are able to access It.
Please sign in to leave a comment.