Creating Secure Access Role-Based Source IP Alias (NSM Procedure)

To direct traffic to specific sites based on roles, you can define a source IP alias for each role. You use these aliases to configure virtual ports you define for the internal interface source IP address. A back-end device can then direct end-user traffic based on these aliases, as long as you configure the back-end device, such as a firewall, to expect the aliases in place of the internal interface source IP address. This capability enables you to direct various end users to defined sites based on their roles, even though all of the end-user traffic has the same internal interface source IP address.

Note: You must define virtual ports to take advantage of the role-based source IP aliases.

To specify a source IP alias for the role:

  1. In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure user roles.
  2. Click the Configuration tab, and select Users > User Roles. The corresponding workspace appears.
  3. Click the New button. The New dialog box appears.
  4. Add or modify settings under General > VLAN/Source IP as specified in Table 9.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 9: IP Alias Configuration Details

| Option | Function | Your Action |
|---|---|---|
| VLAN | Specifies role-based source IP aliases. If you want to direct traffic to specific sites based on roles, you can define a source IP alias for each role. | Select the VLAN you want to use from the VLAN list, if you have defined VLAN ports on your system. Note: If an end user is mapped to multiple roles and the Secure Access device merges roles, the Secure Access device associates the source IP address configured for the first role in the list with the merged role. |
| Select Source IP | Configures virtual ports you define for the internal interface source IP address. | Select a source IP address from the list. Note: You can specify the same source IP address for multiple roles. You cannot specify multiple source IP addresses for one role. |
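
The following Python sketch is an added example, not part of the NSM documentation or any Juniper tool. It models the rules stated above (one source IP per role, shared aliases allowed, merged roles take the first role's source IP) so you can check what a back-end firewall keyed on the alias will actually permit. All role names, addresses and site names are constructed, and ROLE_ORDER is an assumed representation of "the list" of roles.

```python
from ipaddress import ip_address

# Constructed sample data; role names, addresses and site names are hypothetical.
ROLE_ORDER = ["Employees", "Contractors", "Partners"]   # assumed order of the role list
ROLE_ALIASES = {                      # one source IP alias per role
    "Employees": "10.10.1.10",
    "Contractors": "10.10.1.20",
    "Partners": "10.10.1.20",         # same alias on several roles is allowed
}
FIREWALL_POLICY = {                   # back-end rules keyed on the alias
    "10.10.1.10": {"intranet", "hr"},
    "10.10.1.20": {"partner-portal"},
}
USERS = {"alice": ["Contractors", "Employees"], "bob": ["Partners"]}


def validate_aliases(role_aliases):
    """Reject a role with several source IPs or a malformed address."""
    for role, alias in role_aliases.items():
        if not isinstance(alias, str):
            raise ValueError(f"{role}: exactly one source IP per role")
        ip_address(alias)             # raises ValueError if malformed


def effective_alias(user_roles, role_order, role_aliases):
    """Merged roles take the source IP of the first role in the list."""
    for role in role_order:
        if role in user_roles:
            return role_aliases[role]
    raise ValueError("user has no role with a source IP alias")


def audit(users, role_order, role_aliases, policy):
    """Per user: effective alias, sites reachable, sites lost by merging."""
    validate_aliases(role_aliases)
    report = {}
    for user, roles in users.items():
        alias = effective_alias(roles, role_order, role_aliases)
        reachable = policy.get(alias, set())   # empty: firewall lacks a rule
        expected = set().union(*(policy.get(role_aliases[r], set()) for r in roles))
        report[user] = (alias, sorted(reachable), sorted(expected - reachable))
    return report


if __name__ == "__main__":
    for user, row in audit(USERS, ROLE_ORDER, ROLE_ALIASES, FIREWALL_POLICY).items():
        print(user, row)
```

An empty "reachable" list for a user means the back-end device has no rule for that alias; a non-empty third field shows sites the user's other roles would allow but the merged role's alias does not.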
