fiberopt1986
New Member
November 14, 2015
Question

FortiClient VPN tunnel


Hello all,

I cannot find a specific article on how to do the following on the Fortinet site, so help would be much appreciated (even to point out a KB article displaying how to do it).

I have a FortiClient tunnel set up currently. I need to be able to give different levels of access. I will give you an example:

User1 --> Can only access the 192.168.1.0/24 subnet (which is a VLAN)

User2 --> Can only access the 192.168.2.0/24 subnet (which is another VLAN)

...etc.

Now the only way I can see of doing this is with multiple FortiClient tunnels? But that would be difficult to maintain if I require 8 users having access to different resources.

Thank you!

    2 replies

    gschmitt
    New Member
    November 16, 2015

    What firmware are you running? In 5.2 (I think) and later you can apply User (Groups) to the SSL.Root > Interface policies.

    fiberopt1986
    New Member
    November 16, 2015

    Hello,

    We are currently using 5.2 firmware.

    Just to clarify, this is an IPsec FortiClient tunnel, not SSL.

    I also tried to create a source from FortiClient > Internal with Source user and specified a local FortiGate user, which is also the user connecting, and I cannot connect to that specific internal resource when I specify the local user. When taking off the user, I can connect fine.

    Not sure what else needs to be done.