Creating a UserVPN Profile

When you use a VPN (Virtual Private Network), a user is dynamically assigned a virtual IP address when connected to a gateway. You can define resource-access policies based on the users. For example, you can have one policy for all users and then give different policies to different departments and business groups.

The profile-based security policy lets you define security rules for a target address, protocol, and port. The default rule for a profile can be configured as deny all or allow all during profile creation. This capability allows flexible firewall rules based on the users, instead of a source IP address.

The security policy is dynamically pushed to the landing VPN gateway when a VPN user connects. It is only active when a VPN user is connected. When a VPN user disconnects, the security policy is deleted from the VPN gateway.

To create a VPN Profile:

  1. Go to Aviatrix CoPilot > CloudFabric > UserVPN > select the Profiles tab.

  2. Click + Profile.

  3. Enter the following information:

Setting - Description

Name - Enter a clear name for the profile.

Security Policy

Base Policy - Select one of the two radio buttons:

  • Allow All - Select this option to enable access to all CIDRs except the ones you specify in the table below.

  • Deny All - Select this option to disable access to all CIDRs except the ones you specify below.

+ Deny Rule or + Allow Rule

  • If you selected Allow All above, click + Deny Rule and enter the Target CIDR, protocol, and port to deny for this VPN profile.

  • If you selected Deny All above, click + Allow Rule and enter the Target CIDR, protocol, and port to allow for this VPN profile.

  • For simplicity, Allow Rules are not permitted if you select Allow All and Deny Rules are not permitted if you select Deny All.

  • CoPilot does not allow the use of a Hostname, such as www.example.com, in place of a CIDR range when adding policy rules.

User - To assign a user to this profile, enter the user’s name and press Enter.

  4. Click Save.

The VPN profile is saved.
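The following added example (not Aviatrix code) models the profile semantics described above so a planned profile can be checked before it is entered in CoPilot: the base policy, exception rules of the opposite type only, and CIDR-only targets. The class names, protocol names, port notation, and sample profiles are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    target: str         # destination CIDR, e.g. "10.20.0.0/24"
    protocol: str       # "tcp", "udp", "icmp" or "all" (assumed names)
    port: str = "all"   # "443", "8000-8100" or "all" (assumed notation)

@dataclass
class Profile:
    name: str
    base: str           # "allow_all" or "deny_all"
    rules: list = field(default_factory=list)

def validate(profile):
    """Return the problems that make a profile invalid under the page's rules."""
    if profile.base not in ("allow_all", "deny_all"):
        return [f"unknown base policy {profile.base!r}"]
    wanted = "deny" if profile.base == "allow_all" else "allow"
    problems = []
    for r in profile.rules:
        if r.action != wanted:
            problems.append(f"{r.target}: {r.action} rule not permitted with {profile.base}")
        try:
            ipaddress.ip_network(r.target, strict=False)
        except ValueError:
            problems.append(f"{r.target}: target must be a CIDR, not a hostname")
    return problems

def port_matches(spec, port):
    lo, _, hi = spec.partition("-")
    return spec == "all" or int(lo) <= port <= int(hi or lo)

def is_allowed(profile, dst_ip, protocol, port):
    """True if a user with this profile may reach dst_ip on protocol/port."""
    if validate(profile):
        raise ValueError("; ".join(validate(profile)))
    addr = ipaddress.ip_address(dst_ip)
    hit = any(addr in ipaddress.ip_network(r.target, strict=False)
              and r.protocol in ("all", protocol) and port_matches(r.port, port)
              for r in profile.rules)
    # A matching rule is an exception to the base policy.
    return hit if profile.base == "deny_all" else not hit

# Constructed sample profiles (names and CIDRs are made up for illustration).
CONTRACTORS = Profile("contractors", "deny_all", [Rule("allow", "10.20.0.0/24", "tcp", "443")])
STAFF = Profile("staff", "allow_all", [Rule("deny", "10.99.0.0/16", "all")])
BAD = Profile("bad", "allow_all", [Rule("allow", "www.example.com", "tcp", "443")])
```

With a Deny All base, anything not covered by an allow rule is refused, so the contractors profile reaches only TCP 443 in its one subnet.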