Creating a UserVPN Profile

When you use a VPN (Virtual Private Network), a user is dynamically assigned a virtual IP address when connected to a gateway. You can define resource-access policies based on the users. For example, you can have one policy for all users and then give different policies to different departments and business groups.

The profile-based security policy lets you define security rules to a target address, protocol, and ports. The default rule for a profile can be configured as deny all or allow all during profile creation. This capability allows flexible firewall rules based on the users, instead of a source IP address.

The security policy is dynamically pushed to the landing VPN gateway when a VPN user connects. It is only active when a VPN user is connected. When a VPN user disconnects, the security policy is deleted from the VPN gateway.

To create a VPN Profile:

Go to Aviatrix CoPilot > CloudFabric > UserVPN > select the Profiles tab.
Click + Profile.
Enter the following information:

Setting	Description
Name	Enter a clear name for the profile.
Security Policy
Base Policy	Select one of the two radio buttons: Allow All - Select this option to enable access to all CIDRs except the ones you specify in the table below. Deny All - Select this option to disable access to all CIDRs except the ones you specify below.
+ Deny Rule or + Allow Rule	If you selected Allow All above, click + Deny Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile. If you selected Deny All above, click + Allow Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile. For simplicity, Allow Rules are not permitted if you select Allow All and Deny Rules are not permitted if you select Deny All. CoPilot does not allow the use of a Hostname, such as www.example.com, in place of a CIDR range when adding policy rules.
User	To assign a user to this profile, enter the user’s name and press Enter.

Setting

Description

Name

Enter a clear name for the profile.

Security Policy

Base Policy

Select one of the two radio buttons:

Allow All - Select this option to enable access to all CIDRs except the ones you specify in the table below.
Deny All - Select this option to disable access to all CIDRs except the ones you specify below.

+ Deny Rule or + Allow Rule

If you selected Allow All above, click + Deny Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile.
If you selected Deny All above, click + Allow Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile.

For simplicity, Allow Rules are not permitted if you select Allow All and Deny Rules are not permitted if you select Deny All.
CoPilot does not allow the use of a Hostname, such as www.example.com, in place of a CIDR range when adding policy rules.

User

To assign a user to this profile, enter the user’s name and press Enter.

Click Save.

The VPN profile is saved.