I want to create a policy that VPN users can vpn into the firewall but cannot administer it (not able to ssh/telnet/https) to the firewall.
Radius is used for vpn authentication and for ssh/telnet/https to the firewall authentication.
I have created 2 groups named admin and second one VPN.
If i used the NAR to block network access to the firewall, it blocks the vpn access as well. If not do the NAR then vpn users can administer the firewall. can you please advise any solution to that. I want that vpn users can vpn into the firewall but cannot administer the same firewall.
Thanks in advance.