SSL VPN + VLANs - access management

2024-03-26 09:40:50 - last edited 2024-03-28 01:22:52
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.0

Hello,

I have a problem with SSL VPN and VLAN configuration.

I have 5 VLANs set up (10,20,30,40,50) and 2 VPN users (Root, Home).

I would like the Home user to have access only to vlan 20 and its internet traffic would also be tunneled.

I can't do this because when I give it access to the Internet, it also has access to other vlans.

Below are screenshots of my resources config.

 

 

I tried to enter gateway address instead of 0.0.0.0, but unfortunately there is no Internet access.

Of course, if I turn off Internet access (remove 0.0.0.0/0 from user resource), the Home user only has access to vlan20.

Please advise what else I can do. 

Thank You!

1 Accepted Solution
Re:SSL VPN + VLANs - access management-Solution
2024-03-27 09:54:10 - last edited 2024-03-28 01:22:52

  @Clive_A 

 

Thank you for your advice. Unfortunately ACL rules do not work with SSL VPN (OpenVPN).
Despite this, I checked and found a solution: ACL rules work with WireGuard, so I changed my configuration to WireGuard.

Thank you.

2 Reply
Re:SSL VPN + VLANs - access management
2024-03-27 02:04:14 - last edited 2024-03-27 02:37:36

Hi @Dectro 

Thanks for posting in our business forum.

It conflicts and this is expected.

Dectro wrote

Hello,

I have a problem with SSL VPN and VLAN configuration.

I have 5 VLANs set up (10,20,30,40,50) and 2 VPN users (Root, Home).

I would like the Home user to have access only to vlan 20 and its internet traffic would also be tunneled.

I can't do this because when I give it access to the Internet, it also has access to other vlans.

Below are screenshots of my resources config.

 

 

 

I tried to enter gateway address instead of 0.0.0.0, but unfortunately there is no Internet access.

Of course, if I turn off Internet access (remove 0.0.0.0/0 from user resource), the Home user only has access to vlan20.

Please advise what else I can do. 

Thank You!

0.0.0.0/0 means any network. When you remove it from the destination, it only allows you to access VLAN 20. Normal.

Setting 0.0.0.0/0 would allow its traffic to any network. Normal. Because 0.0.0.0/0 overlaps all the networks.

 

Try to set up the ACL and see if it would stop this SSL client.

Or specify the resource group by creating multiple rules that exclude certain networks but include all other networks. That'll be tweaking your subnets.

That would be the only way to do it AFAICS.

Best Regards!
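The second suggestion in the reply above (resources that include everything except the other VLANs) amounts to computing the complement of those subnets inside 0.0.0.0/0. The following is an added example, not code from the thread or from TP-Link; the VLAN subnets (192.168.<vlan>.0/24) are assumed because the thread does not give them, and the function names are illustrative.

```python
import ipaddress

# Assumed addressing: the thread does not state the VLAN subnets.
VLAN_SUBNETS = {
    10: "192.168.10.0/24",
    20: "192.168.20.0/24",
    30: "192.168.30.0/24",
    40: "192.168.40.0/24",
    50: "192.168.50.0/24",
}

def allowed_resources(blocked):
    """Return CIDR blocks covering 0.0.0.0/0 except the `blocked` networks."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for cidr in blocked:
        block = ipaddress.ip_network(cidr)
        survivors = []
        for net in remaining:
            if not net.overlaps(block):
                survivors.append(net)          # untouched by this exclusion
            elif block.supernet_of(net):
                continue                       # lies wholly inside the blocked range
            else:
                # block is a strict subnet of net: split net around it
                survivors.extend(net.address_exclude(block))
        remaining = survivors
    return sorted(ipaddress.collapse_addresses(remaining))

def is_reachable(ip, resources):
    """True if `ip` falls inside any of the resource networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in resources)

def home_user_resources(allowed_vlan=20):
    """Resource list for a user limited to one VLAN plus the Internet."""
    blocked = [c for v, c in VLAN_SUBNETS.items() if v != allowed_vlan]
    return allowed_resources(blocked)

if __name__ == "__main__":
    for net in home_user_resources():
        print(net)
```

Whether the ER8411 resource group accepts a list of this length is not stated in the thread, and the VPN address pool is not modelled here.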