[dantro]

There are several ways to accomplish this. You should of course first check SmartView Tracker for the rules that allow your RemoteUsers unwanted access. In your case I'd simply create a second rule below your Accept rule:

lockdown@svr1 any any traffic any Drop Log

Make sure no other rule above these two grants permission to your RemoteUsers.

What else could be done?
- you could define the allowed locations for your RemoteUsers within their User Properties
- you could use Accept instead of ClientAuth and define the RemoteAccess Community within the VPN tab of the related rule (see examples in demo mode) Example: lockdown@svr1 svr1 RemoteAccess RemoteDesktop Accept Log

Best regards,
Danny Trommer
CCSA/CCSE/CCSE+