Skip to main content
genetics
genetics
New Member
March 25, 2025
Question

Setting up two separate SSLVPN

  • March 25, 2025
  • 4 replies
  • 999 views

I am looking to set up two separate SSL-VPN access connections, that would by used by two separate groups, both groups are using the same Fortinet device in one domain. (Example:) Group One: Bill is the admin of the Marketing group and supports 10 users.

Group Two: Zach is the admin of the billing group and supports 10 users. I want to make sure that both groups can access the VPN through separate IP address and separate ports. Environment FortGate 101D, Firmware 7.2.10. Thank-you 

4 replies

AEK
SuperUser
AEK
SuperUser
March 25, 2025

I'm not sure if it is useful to access SSL VPN through separate ports (I guess you mean TCP ports), but if you need it like that then you need different VDOMs.

Can you explain why do you need separate ports?

AEK
    dingjerry_FTNT
    Staff
    dingjerry_FTNT
    Staff
    March 25, 2025

    Hi @genetics ,

     

    In the same VDOM, I don't think that you can use separate IP and ports for SSL VPN connections.

     

    However, you may use the SSL VPN realm for your scenario:

     

    https://docs.fortinet.com/document/fortigate/7.2.10/administration-guide/724772/ssl-vpn-multi-realm

      owen911
      owen911
      Visitor III
      March 26, 2025

      Hi!
      Why not marketing group use SSLVPN and Bill Group use remote IPSec.
      SSLVPN enables you to create two group and use policies to restrict their access, if the goal is to control their access. 

      GauravPandya
      GauravPandya
      Explorer
      March 26, 2025

      I think one of the possible solution is to use realms as suggested by dingjerry_FTNT. You can create 2 separate realms, map user group and portal. For example,

      https://<Fortigate_IP>:<port>/sslvpn/Marketing

      https://<Fortigate_IP>:<port>/sslvpn/Billing

        Terms & ConditionsAccessibility statement