Staff

Technical Tip: SSL-VPN web mode is not assigning IP address for the web login account

Forum|Forum|4 years ago
June 6, 2022
0 replies
2124 views

Description

This article describes that SSL-VPN web mode would not assign IP address for the web login account.

Scope

FortiOS 6.0 and FortiOS 6.2.

Solution

By design, SSLVPN web mode would not assign IPaddress for the web login account due to web mode process traffic flow (RDP connection, etc.) by proxy-based.

Web Mode monitor:

# get vpn ssl monitor <----- To check the SSL-VPN login user with IP address.

SSL-VPN Login Users:

Index User Auth Type Timeout From HTTP in/out HTTPS in/out

0 twtac 1(1) 225 10.1.218.5 0/0 300367/17426954 <----- Only the source IP address from the client end is visible.

SSL-VPN sessions:

Index User Source IP Duration I/O Bytes Tunnel/Dest IP
<empty>

Log information in GUI:

Tunnel Mode monitor:

# get vpn ssl monitor
SSL VPN Login Users:
Index User Auth Type Timeout From HTTP in/out HTTPS in/out
0 twtac 1(1) 295 10.1.218.254 0/0 0/0

SSL-VPN sessions:

Index User Source IP Duration I/O Bytes Tunnel/Dest IP
0 twtac 10.1.218.254 62 253916/234198 10.212.134.200 <----- assigned ip address to tunnel mode user.

Log information in GUI:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded