Hey everyone! I'm trying to find a way to restrict access to a public website so that users must reach it via a specific IP address. I'm looking into Microsoft's Global Secure Private Access and the setup seems straightforward: install the client, add the connector service on a server, and configure it. But I'm wondering if this can be used to control access to external sites as well. For instance, is it possible to ensure all traffic to www.google.com comes from my office's WAN IP? Any insights? Thanks!
1 Answer
Yes, you can force all machines connected to Global Secure Access to route through your office's WAN. However, keep in mind that if someone accesses the site directly using their own IP, you won't have control over that. It really depends on whether the site you're targeting supports some form of IP whitelisting or SSO with Conditional Access. Without that, you won’t have a way to block access from outside the WAN directly.
Interesting! So if I get it right, we can only manage traffic for devices that are configured with GSA, right? Does that mean if we use split tunneling, we won't be able to specify which sites route through the corporate network?
Thanks for clarifying! Just to add, the site I’m interested in is hosted on AWS and has an 'allow list' for IPs. I was hoping to enforce this through Global Secure Private Access to make sure all users access it through the connector.
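An added example, not part of the thread: one way to check from the site's side that the IP allow list discussed above is actually enforced, by auditing access-log lines for requests served to addresses outside the allowed ranges. The allowed ranges (documentation addresses standing in for the office WAN / connector egress), the Common Log Format and the sample lines are all constructed, and it assumes blocked requests are logged with status 403.

```python
import ipaddress
import re

# Assumption: egress addresses of the office WAN / connector (documentation ranges).
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "2001:db8:10::/64")]

# Constructed sample lines in Common Log Format.
SAMPLE_LOG = """\
203.0.113.10 - alice [10/Mar/2025:09:14:02 +0000] "GET /app HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2025:09:15:40 +0000] "GET /app HTTP/1.1" 403 153
198.51.100.99 - bob [10/Mar/2025:09:17:11 +0000] "GET /app/report HTTP/1.1" 200 8841
2001:db8:10::25 - carol [10/Mar/2025:09:18:30 +0000] "POST /app/login HTTP/1.1" 302 0
not-an-ip - - [10/Mar/2025:09:19:00 +0000] "GET / HTTP/1.1" 200 12
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')


def is_allowed(addr):
    """True if addr falls inside any allowed network (raises ValueError if not an IP)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED)


def audit(log_text):
    """Return (bypasses, blocked, unparsed) for requests from outside the allow list."""
    bypasses, blocked, unparsed = [], [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        src, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            if is_allowed(src):
                continue  # arrived via the expected egress address
        except ValueError:
            unparsed.append(line)  # source field is not an IP; review by hand
            continue
        # 403 means the allow list did its job; any other status was served
        # to an address outside the allowed ranges.
        (blocked if status == 403 else bypasses).append((src, request, status))
    return bypasses, blocked, unparsed


if __name__ == "__main__":
    bypasses, blocked, unparsed = audit(SAMPLE_LOG)
    for src, request, status in bypasses:
        print(f"served outside allow list: {src} {request!r} -> {status}")
    print(f"{len(blocked)} blocked, {len(unparsed)} unparsed")
```

If the site sits behind a load balancer or proxy, the first log field may be the proxy's address rather than the client's, so point the parser at whichever field carries the real source IP.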