


Multitenant per vrf/VLAN is possible?


victormn
Contributor (0)
Aug 30, 2017 10:25am
Hi,

I would like to know if it is possible to use a unique public IP associated with a certificate, but use the URL to assign a user to a specific VLAN.

Example,

https://company.com/custormer1 => assign to VLAN100
https://company.com/custormer2 => assign to VLAN200
https://company.com/custormer3 => assign to VLAN300
....

I have a solution that works:

https://customer1.company.com (Certificate=customer1.company.com assign to VLAN100)
https://customer2.company.com (Certificate=customer2.company.com assign to VLAN200)

But I use two public IP addresses and two different DNS resolutions, one for each. The problem is that this solution is not scalable.

I think that there is no other solution, because the assignment of the VLAN is done in the certificate configuration.

Could you help me?

Thanks



victormn
Contributor (0)
Aug 30, 2017 10:35am
There is another solution too: to create different certificates, for example:

customer1.company.com
customer2.company.com
....

All customerX.company.com names resolve to the same public IP address, but the problem is that I need one public certificate for each DNS domain.

Is it not possible to assign the VLAN on the realm or something like that?
    Olivn
    Contributor (1)
    Sep 4, 2017 11:45am
    SIGNIN-URL: https://company.com/custormer1 => REALM_MULTITENANT
    SIGNIN-URL: https://company.com/custormer2 => REALM_MULTITENANT
    SIGNIN-URL: https://company.com/custormer3 => REALM_MULTITENANT

    REALM "REALM_MULTITENANT"
    custom_expression : loginURL = "https://company.com/custormer1" -> ROLE "ROLE_customer1"
    custom_expression : loginURL = "https://company.com/custormer2" -> ROLE "ROLE_customer2"
    custom_expression : loginURL = "https://company.com/custormer3" -> ROLE "ROLE_customer3"

    ROLE "ROLE_customer1"
    "VLAN/Source IP" => assign to VLAN100

    ROLE "ROLE_customer2"
    "VLAN/Source IP" => assign to VLAN200

    ROLE "ROLE_customer3"
    "VLAN/Source IP" => assign to VLAN300
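
The chain in the reply above (sign-in URL, realm, role mapping rule on loginURL, role VLAN), as an added example that is not part of the original thread: a small audit that checks every sign-in URL resolves to exactly one role and that no two tenant roles share a VLAN. The data model, the `audit` function and the exact-match comparison on loginURL are assumptions for illustration, not the Pulse Connect Secure configuration format.

```python
"""Audit a sign-in URL -> realm rule -> role -> VLAN chain for tenant isolation.
Hypothetical data model, not the Pulse Connect Secure configuration format."""
from collections import defaultdict

# Constructed sample mirroring the reply (URLs spelled as posted in the thread).
URLS = [f"https://company.com/custormer{i}" for i in (1, 2, 3)]
SIGNIN_URLS = {u: "REALM_MULTITENANT" for u in URLS}            # URL -> realm
ROLE_RULES = {"REALM_MULTITENANT": [(u, f"ROLE_customer{i}")    # realm -> rules
                                    for i, u in enumerate(URLS, 1)]}
ROLE_VLAN = {"ROLE_customer1": 100, "ROLE_customer2": 200, "ROLE_customer3": 300}


def audit(signin_urls, role_rules, role_vlan):
    """Return a list of findings; an empty list means the chain is consistent."""
    findings = []
    vlan_roles = defaultdict(set)
    for url, realm in signin_urls.items():
        # Assumption: a rule matches when its loginURL equals the sign-in URL.
        roles = {r for u, r in role_rules.get(realm, []) if u == url}
        if not roles:
            findings.append(f"{url}: no role mapping rule in {realm}")
        elif len(roles) > 1:
            findings.append(f"{url}: maps to several roles {sorted(roles)}")
        for role in sorted(roles):
            if role not in role_vlan:
                findings.append(f"{role}: no VLAN assigned")
            else:
                vlan_roles[role_vlan[role]].add(role)
    # Two tenant roles on one VLAN put two customers on the same network.
    for vlan, roles in sorted(vlan_roles.items()):
        if len(roles) > 1:
            findings.append(f"VLAN{vlan}: shared by {sorted(roles)}")
    # A rule whose loginURL is not a sign-in URL of that realm can never match.
    for realm, rules in role_rules.items():
        for url, role in rules:
            if signin_urls.get(url) != realm:
                findings.append(f"{realm}: rule for {url} matches no sign-in URL")
    return findings


if __name__ == "__main__":
    print(audit(SIGNIN_URLS, ROLE_RULES, ROLE_VLAN) or "no findings")
```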