I have 50 users who take their laptops home and to hotels to work from there. I would like to create a connection aware group that will allow them to get to the hotel-proxy page where they have to agree to the terms, and get an IP. After they have done this I want to restrict them from getting out to the web (80) to browse. I do however want to allow them to VPN in so that they can access the resources here in the office to do work.
Could anyone give me a hand with this? Is this something that is possible with the HIPS firewall?
You would create a connection aware group based on IP and another setting (like DNS servers). You would then put all rules that you want only when the user is VPN connected into this group. The rules necessary for VPN access (allow DNS and IKE, etc.) would need to be placed above the CAG in the ruleset.
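
The ordering described in the answer above, as a simplified model added here. It is not part of the original thread and is not the HIPS product's configuration format or engine. The addresses, DNS server and rule names are constructed, and top-down first-match evaluation with a default block is an assumption of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str   # "allow" or "block"
    proto: str    # "udp" or "tcp"
    port: int     # remote port

@dataclass
class ConnectionAwareGroup:
    network: str      # adapter IP must fall inside this range ...
    dns_server: str   # ... and the adapter must use this DNS server
    rules: list

    def active(self, adapter):
        return (ip_address(adapter["ip"]) in ip_network(self.network)
                and self.dns_server in adapter["dns"])

def decide(ruleset, adapter, proto, port):
    """Walk the ruleset top-down for traffic on one adapter; first match wins."""
    for entry in ruleset:
        if isinstance(entry, ConnectionAwareGroup):
            # Rules inside the group are skipped unless the adapter matches.
            candidates = entry.rules if entry.active(adapter) else []
        else:
            candidates = [entry]
        for rule in candidates:
            if (rule.proto, rule.port) == (proto, port):
                return rule.action, rule.name
    return "block", "default"   # assumed default: nothing matched, so block

# Constructed sample data: a hotel-assigned adapter and a VPN adapter.
HOTEL = {"ip": "192.168.1.44", "dns": ["192.168.1.1"]}
VPN = {"ip": "10.20.5.9", "dns": ["10.20.0.53"]}

def office_group(rules):
    return ConnectionAwareGroup("10.20.0.0/16", "10.20.0.53", rules)

# VPN bootstrap rules sit above the group; office-only rules sit inside it.
GOOD = [
    Rule("allow DNS", "allow", "udp", 53),
    Rule("allow IKE", "allow", "udp", 500),
    office_group([Rule("allow HTTP on VPN", "allow", "tcp", 80)]),
    Rule("block HTTP", "block", "tcp", 80),
]
# Misplaced: IKE inside the group can never match before the tunnel exists.
BAD = [
    Rule("allow DNS", "allow", "udp", 53),
    office_group([Rule("allow IKE", "allow", "udp", 500),
                  Rule("allow HTTP on VPN", "allow", "tcp", 80)]),
    Rule("block HTTP", "block", "tcp", 80),
]
```

With `BAD`, `decide(BAD, HOTEL, "udp", 500)` falls through to the default block, which is why the VPN bootstrap rules belong outside the group.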