Question
Fortigate IPsec Dialup VPN Multiple User Group
Hi everyone,
I am configuring a Dial-up IPsec VPN on FortiGate (FortiOS 7.6.6) and I want to restrict access based on the user group.
Requirement
I have two local user groups configured on the FortiGate
RA-ADMIN-USER
RA-CCTV-USER
Both groups should be able to connect to the same Dial-up IPsec VPN tunnel, but with different access permissions
RA-CCTV-USER → should be able to access only the CCTV subnet
RA-ADMIN-USER → should be able to access all internal subnets
What is the recommended way to allow multiple user groups to authenticate to the same IPsec Dial-up VPN?
If anyone has implemented a similar setup, I would appreciate guidance or example configuration.
Thanks in advance.