JustinH
Jan 10, 2018

F5 APM - limiting use of client connect mode

Since I can not force Auto Connect mode to our users, I am trying to figure out a different approach. Our scenario is that we don't want our users using VPN when in the office as it uses up an IP address from our limited pool of addresses configured for F5. Often our users have put their clients in Connect mode which forces the use of VPN. Training our users not to set this is a constant struggle and does not seem to work.

So we have done a few things to try to remedy this. One is creating a group policy to delete their client config file at startup which it recreates using the default setting Auto Connect. This seems to work only if they are shutting down their machines at the end of the day, but has reduced the number of users using VPN in the office by about 50%.

To try to capture the other 50%, we are using an IP match for recognizing the office subnet and sending a message box notifying them that they need to switch their setting, which then closes the session. But we found a scenario in which our IT staff, when setting the clients up, need to test the client with the user and need to use the connect mode to test. So the IT person is walking the user through what to do for the first time, and I need to find a way to identify that the person trying to use the connect mode in the office is an IT person without having to log in as their admin account, since it replaces the username variable for the session if I add another logon page. Is there any way to identify the admin in this situation? Something only an admin would know, such as just a password?

Thank you in advance, Justin

1 Reply

  • Not ideal... but quick and dirty... what about leveraging multi-view DNS? Have your DNS platform return NXDOMAIN when trying to resolve the name internally (and then the connection should fail). Externally, have it resolve to the normal publicly accessible address. When you need to fire up/test/train with the user in the office, the IT admin can enter a hosts file map temporarily and remove it when done.
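A concrete form of the split-horizon DNS setup suggested in the reply, written as an added example and not taken from the thread or from F5 documentation: a BIND 9 named.conf excerpt with an internal view whose copy of the zone deliberately lacks the VPN hostname, so office clients get NXDOMAIN, and an external view that serves the real record. The zone name example.com, the office ranges, the file paths and the address 203.0.113.10 are all placeholders.

```conf
// named.conf excerpt (BIND 9). Assumed zone, networks and paths are placeholders.
acl "office-nets" { 10.0.0.0/8; 192.168.0.0/16; };

// Office clients match this view first. Its copy of the zone carries no "vpn"
// record, so "vpn.example.com" answers NXDOMAIN and a client left in
// Connect mode simply fails to connect while on the LAN.
view "internal" {
    match-clients { "office-nets"; localhost; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
        // db.example.com.internal holds SOA, NS, www, mail, ... but
        // deliberately NO line such as:
        //   vpn   IN A   203.0.113.10
    };
};

// Everyone else (remote users on the Internet) gets the real record.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
        // db.example.com.external additionally contains:
        //   vpn   IN A   203.0.113.10
    };
};

// IT staff testing a client on the LAN bypass this temporarily with a hosts
// file entry (Windows: C:\Windows\System32\drivers\etc\hosts) and remove it
// when done:
//   203.0.113.10   vpn.example.com
```

Only clients that actually query the internal resolver receive the NXDOMAIN; a laptop in the office pointed at a public DNS server would still resolve the external record, so confirm that office clients are forced onto the internal resolver before relying on this.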