Restrict SSL VPN Access to a Specific Public IP for a Single User

Question

Hello,I would like to configure a FortiGate SSL VPN policy with the following requirement:For one specific user only, I need to allow SSL VPN access only if the connection originates from a defined external (public) IP address.Other SSL VPN users should not be affected — they should continue to connect normally without any source IP restriction.I’ve tried using Allow IPs / Deny IPs in the SSL VPN Settings, but that applies globally, so it doesn’t solve this case.I also tried to handle it with the SSLVPN-to-LAN firewall policy, but that doesn’t seem to work as expected.Even Local-In policies didn’t help.Do I need to create a separate SSL VPN portal and apply a host check rule, or is there another recommended method to achieve this in version FortiOS 7.2.11?Best regards,

funkylicious · Answer

hi,you could create a separate portal/realm for that particular user/group and set the source as described here,  https://community.fortinet.com/t5/FortiGate/Technical-Tip-set-source-address-in-SSL-VPN-settings/ta-p/194231

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded