Flyshuffle
New Member
January 11, 2016
Question

Restrict access from different hosts for different portals

Hello Everyone,

This is on a FG200D running firmware 5.2.3.

I want to set up multiple SSL VPN portals on the same FortiGate device, but have different host restrictions for each portal.

I can set up the different portals and realms easy enough, but I have found that the "limit access to specific hosts" setting is global for all SSL VPN portals. I would like to have different settings for different portals.

For example, have https://my.vpn.address/customer1 be restricted to customer1's IP address, and https://my.vpn.address/customer2 be restricted to customer2's IP address.

Going to SSL > Settings I see the restrict access options, but setting something there would apply to both customer1 and customer2, correct? I didn't see any obvious way to do this from the CLI or with a policy (i.e. ssl.root > network.)

Does anyone know how I could accomplish restricting different portals to different hosts?

Thanks!

1 reply

rwpatterson
New Member
January 11, 2016

Just restrict in the policy. Use separate IP networks for the incoming traffic, and the policy will determine where they can go based on their IP address (supplied by the portal credentials).