Wanted to throw this out there & see if anyone has been in a similar situation:

Overall: We need to control only domain/managed laptops from connecting to our VPN. I'm doing this via SCV checks for domain membership (regkey). It works fine. On top of that, I need to allow SNX Access to a consultant w/ his own laptop. So I'm thinking the SNX is the best solution for him.

My question: Has anyone come across a way to control who can & cannot log in via SNX versus who can log in to the normal IPSEC VPN?

I basically only want this one guy (and maybe future outsiders) to be able to log in via the SNX. I can't have employees logging in via SNX on their home machines.

I've been testing this like crazy in a lab, and cannot get it squared away.

Info:
R75.40 on SPLAT
I have all the licenses in my prod environment and my lab

Curious if anyone else has run in to a requirement like this.

Thanks in advance,

Jay