Applies to all Barracuda SSL VPNs.
Using NAC the Barracuda SSL VPN can be configured to block users from logging in at times specified by the administrator. So, if users are only supposed to login between 7am and 7pm on Monday through to Friday, NAC can be set to block access outside of those times.
The easiest way to configure this is to set the NAC to block access at all times and then create a NAC Exception for the times that the users will be able to login, to create this configuration follow these instructions.
- Login to the SSL VPN with the ssladmin and select the database this configuration will be setup on. NAC is realm aware so you must be editing the user database this will be for.
- Go to ACCESS CONTROL > NAC and make sure Enable NAC Rules is set to Yes, then set the Login at any time or day option to Block, save the changes.
- Now, access to the SSL VPN on this user database is being blocked at all times and will need exceptions to allow any kind of access. Go to ACCESS CONTROLS > NAC Exceptions and create a new exception:
- Set a name for the exception.
- Select the Lookup button, this loads Applies To page which allows specification of the Users/Groups/Policies the exception will apply to. Select Add when finished adding principles.
- Set the Start Time and End Time of the Exception. In this case, 07:00 is the start time and 19:00 is the end time.
- Specify the Access Days. Click and drag to select multiple days, in this case Monday – Friday.
- In the Type list select Login Time.
- Set the Access option to Allow & Continue or Allow.
- Select the Add button to save the exception.
With the exception complete, the SSL VPN will now block access whenever anyone attempts to login, but if they are included in the NAC Exception then they will be able to log in between 7am and 7pm Monday to Friday.
As of firmware 2.1 it is also possible to set Time Restrictions directly onto policies when creating or editing them without the use of NAC or NAC Exceptions, see solution 5714 for more details on this procedure.
Link to this page: