Hey,
So I have a bunch of road warriors that use VPN connections. Generally I use SSTP/L2TP, but really this request would be useful for all of the connection types. I know that it is possible to create a "server binding" for a specific user and then use that interface in firewall rules, etc. This is fine for a small number of users, but it gets bulky for large numbers of users. What would be really useful is a feature similar to the IPSec Policy Templates, but for Server Bindings: a way to have a class of users or a template that could be created and then referenced in the firewall, etc. This way I could allow a set of users easy access to certain resources.
As an example, suppose I have a set of users (user1, user2, ... usern). In the current system, if I want to reference their "server interface", I have to create server bindings for all of the users individually (l2tp-server-user1, ... l2tp-server-usern). What I am requesting would allow me to create a single l2tp-server-users that would allow me to reference all of them. This way, if I also had a set of admin users (auser1, auser2, ..., auserm), I could then create a binding l2tp-server-ausers and use that to allow access to that group to a set of resources. This means I could create complex firewall rules, etc., using the server binding interfaces while only actually creating two "template" or "class" bindings instead of one per user (or in this case n+m).
Does this request make sense? Anyone else have thoughts?
-Eric