Skip to main content
v20100
v20100
New Member
December 10, 2018
Question

Choice of SSLVPN profile

  • December 10, 2018
  • 2 replies
  • 5815 views

Hi

Is there a way to provide a choice of profiles for sslvpn clients (or with a different method to access)?

 

For example, a user would have the possibility to connect either with split tunnelling or without it.

 

I think, it is possible if it was based on group membership, but the user would need to be in only group, and therefore would only have method available

 

Thanks

    2 replies

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    December 10, 2018

    Try realms like in the cookbook. You don't have to have different groups to use realms. Each can use different auth method(group) and portal. We use them for a user to be in different facets of groups. But I don't see any reason they can't be the same group. Portals are the ones that decide split or no-split and what destinations to be able to reach for tunnel-mode.

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    December 10, 2018

    This is the link to the cookbook:

    [link]https://cookbook.fortinet.com/multi-realm-ssl-vpn/[/link]

    emnoc
    emnoc
    New Member
    December 10, 2018

    Here's a post on my blog on realm  and the function that it can offer.

     

      http://socpuppet.blogspot.com/2017/05/fortigate-sslvpn-and-multiple-realms.html

     

    Ken Felix

    v20100
    v20100Author
    New Member
    December 10, 2018

    Thanks guys. I will have a look. I did not know about realms and found out it was not available by default. Will have a go. Hopefully, it will not break the current live settings!

    Terms & ConditionsAccessibility statement