We have five locations connected by PepVPN. Location 5 has a server with sensitive information that should only be accessed by three user devices. Those devices are laptops that the users physically carry among the sites, so the user could be at any of locations 1 to 4.
Sometimes the users connect with Wi-Fi. The access points are in AP mode, not router/NAT mode, so the devices receive a DHCP address that is part of the wired LAN. Sometimes the user plugs into the wired LAN. Each device therefore has two possible MAC addresses.
I’m trying to write firewall rules to prevent other devices from using the PepVPN to see the servers at location 5. At the moment I’m doing it with passwords on the server but I prefer to back that up with restrictions in the network. Do the Internal Firewall rules affect traffic coming in via the PepVPN? If I enter a rule at location 5 that allows access via MAC address, will the Balance at location 5 even see the device’s MAC address coming in over the VPN?
Or can I do this from the opposite end, where the user is, by restricting access to a specific PepVPN link, to only certain users? That would be an outgoing firewall rule, but I don’t see options to control a specific PepVPN in that section.