LAN Device Access Management enables you to give limited VPN access to users. This is especially useful when your machine is equipped with devices from different suppliers. For commissioning and maintenance reasons, these suppliers may require VPN access to their devices, but not to others.
Please follow the steps below:
Activate LAN Device Access Management
If you do not have a (company-wide) LAN Device Access Management license yet, please contact your IXON account manager or IXON distributor.
- Activate LAN Device Access Management at Admin > Licenses > Add new license.
- This enables the feature for ALL devices in your company.
Configure LAN Device Access Management
The VPN connect service already exists when you first register your IXrouter and cannot be removed. Users with access to your VPN access category have full VPN access and can reach all devices in the machine network.
Limited VPN access (i.e. access to a specific IP address) can be granted by adding limited access and assigning it to a different access category. Users with access to that access category will instead only be able to access the specified IP address and no other devices in the machine network. More information about access categories can be read here.
- If you haven't already, create a new access category for limited VPN access at Admin > Roles.
- Open the VPN connect settings under Fleet Manager > Devices > Your device > Services.
- Add limited access to a specific device in the machine network and assign it to the access category you just created.
Update your user management so users no longer have full VPN access, but instead can only access the devices you specified.
- At Admin > Roles, edit the necessary roles to:
- revoke access to the access category that grants full VPN access.
- give access to this new access category.
- The above update changes the permissions of every user with these roles. If this is undesired, you may choose to create a separate role instead, at Admin > Roles, and assign it to the user at Portal > Users.