Disable "All Other Users/Groups" in SSL VPN

Question

Hello,

I have a problem with disabling "All Other Users/Groups" on a Fortigate 40C (5.2.9). I don't want other users than the users that are mapped to a group.

Authentication is done Trough LDAP. There are two LDAP groups mapped to a local group. Those suppose to have acces. But now everyone has access to the Full-Access VPN portal. Because The All Other Users/Groups does also has the portal Full-Access assigned. The problem is that there can be only one portal on the Fortigate 40C. So i can't assign a portal with less rights to the other users.

Does someone has a idea how to solve this?

_mribwan · Answer

Hi. Although this post is significantly old, I just would like to share my finding

You may configure a dummy portal with tunnel mode and web-mode disabled, and assign All Other Users/Groups to this portal

Ref : https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/947829/ssl-vpn-security-best-practices#Set

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded