nvelocity
New Member
January 15, 2007
Question

restrict SSL VPN traffic to RDP

SSL VPN up and working great but I want to restrict the VPN traffic to RDP only to protect the internal network from issues with remote users. The native RDP client in SSL VPN doesn't work for our needs. Whenever I change the Service from anything but ANY there are issues with the SSL VPN tunnel. What am I missing? Thanks in advance.

    nvelocity (Author)
    New Member
    January 29, 2007
    I still have no solution. Any ideas from anyone why this doesn't work? SSL VPN is great but I don't need to open the entire LAN to remote users, just a single service. Advice appreciated!
    rwpatterson
    New Member
    January 29, 2007
    In the advanced section of the User Group, choose an IP range that tunnel users will appear under. Then create a Policy -> Address Range that duplicates this, and use it in the corresponding Policy. This will restrict these users only to what the policy will allow. The tunnel range must consist of IP addresses that reside on the Fortinet interface, or it won't work.
    nvelocity (Author)
    New Member
    January 30, 2007
    Thanks for the response, but this still isn't 100% clear to me. I have my SSL VPN rule in place WAN > Internal. Source - ALL, Dest - ALL, Service ANY. Altering that policy in any way breaks the SSL VPN. I have my SSL VPN IP Range address group created. Do I create another WAN > Internal policy and specify the SSL VPN IPs as the source? Won't the other SSL VPN policy of ALL > ALL override that? All I want to do is restrict SSL VPN clients to RDP only.
    Contributor
    January 29, 2007
    Config FW rule for SSL-VPN to only allow RDP to an IP-range. Regards, Eric