technician
New Member
February 14, 2018
Question

different tunnel


Hi,

I just successfully set up SSL VPN with split tunneling for 10 users. Then suddenly, one of the remote access users need not be on split tunnel, because he/she basically doesn't need to be split tunneled since he/she won't be using the internet for browsing, mainly just for work.

Is it possible to isolate this specific user? BTW, I'm using a FortiGate 61E.

Thanks

    1 reply

    Toshi_Esumi
    SuperUser
    February 14, 2018

    You need to use either an LDAP auth server or Realms to separate user groups and bind different portals; one split, the other no-split. Then set different policies. Below is one of the cookbook pages for realm config.

    http://cookbook.fortinet.com/multi-realm-ssl-vpn/

    emnoc
    New Member
    February 14, 2018

    I agree, you need multiple portals. This will allow you to set split-tunnel and tunnel-all on each portal.

    Ken

     

    technician
    New Member
    February 26, 2018

    I've already set 2 portals.

    First portal is: Full-access (tunnel and web). This portal was also set to split tunnel so they can access their internal and the internet separately.

    Second portal is: Tunnel only (no split tunnel)

    But whenever I use the non-split tunnel portal, it is not recognized by one of the web servers, which only recognizes the FortiGate's IP.

    Thanks

    Jeff