force ssl vpn connection for ip subnets

Forum|Forum|2 years ago
February 25, 2024
1 reply
1252 views

Hello,

I'm new with the ssl vpn topic. I'm working for a bigger company with many factories all over the world.

We have a central company vpn solution for accessing the network devices / ressources from mobile working or homeoffice (zscaler). But with this vpn solution we are reaching all devices (in general) all over the world, if they have public addresses.

In this factory we can reach our clients with public addresses for remote support. But we can also reach them from outside factory (with central vpn). Now we want to restrict this access from homeoffice / mobile working with our own vpn (fortigate).

This works already for our private adresses, because there is no route with the central vpn solution, it uses the vpn solution from us. Zscaler must be turned on, otherwise we don't reach the ssl vpn.

Any ideas? Otherwise I would migrate those clients from public to private adderesses.

dbu

Staff

HI @Pkay983 ,

I am not sure if i understood your situation correctly, but you can configure FortiGate and restrict SSL VPN to certain IP addresses, subnets , ip ranges and GEO locations based on countries.
You can achieve this by creating address objects :

Thank you can apply them here on the SSL VPN settings :

Pkay983Author

New Member

I want my client to use the Forti SSL VPN Connection for my Clients in the Factory.

but my Client Uses the Company VPN Solution (Zscaler).

Edit: in the routingtable on my client I find the IP-Range pointed to my fortigate ssl vpn, but the client still uses the way over the company zscaler connection.

Private adresses are working fine.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded