Greetings! Is there a way to restrict VPN access to company-owned devices? What we are trying to prevent is an employee installing NetExtender on a home PC - that isn’t managed by us - and potentially exposing our network to “bad things”. Maybe MAC filtering?
If you have an SMA device you can restrict to domain joined devices only I believe.
Could you try SSO over SSL VPN and create an access rule from the SSL-VPN zone to the AD DNS server as a high-priority rule? If a user is trying to access company resources via a home PC, the access rule will block the user.
SMA, we just did this. Watch Jean Pierre's SonicWall videos on YouTube for help setting it up.
Can this work via SSL VPN (NetExtender) with RADIUS, and then have RADIUS handle the part where only connections from Domain Joined systems would be allowed? For clarification, I mean doing this with a TZ SonicWALL, or would there be some lack of ability for the NetExtender client to provide the Windows RADIUS server (NPS is running on our DC server) the information it requires in order to complete the connection?
Really, with the built-in options on an NSa or TZ series, this does not exist. Using an SMA is your best option and will give you multiple ways to do this.
Set up AD authentication to only allow a particular group to connect to the VPN; I do that.
You can restrict it by a LOT of things, not just domain-joined status: file names/paths, programs installed, and a whole lot more.
If anyone can help, that dude can, for sure.
OP has a good idea/question; I’ma try some ideas of my own to restrict this and report back my findings (unless I forget).
OP wants device posture, not user security groups.