Sylvaner
New Member
January 20, 2024
Solved

SSLVPN - Use different portal for user in the 2 groups

  • January 20, 2024
  • 2 replies
  • 2303 views

Hello,

All my users are in an LDAP group "Users".
All my admins are in the LDAP groups "Admins" and "Users".

I have an SSL VPN portal for all users (group Users).
I have created a specific portal for all admins.

But the admins are recognized as simple users.

Is there a possibility to do this? I tried to change the order, but nothing changed; my admins are still seen as simple users.

Thanks

Best answer by Toshi_Esumi

There is more to having two user groups backed by one auth server than just separate portals. You need to have separate policy sets after defining two different user groups.

But even if you do that, admin users might not be consistently recognized as admin users if the username is the same, because the FGT requests authentication for all possible SSL VPN groups, even if they are authenticated by different auth servers, and then accepts the first affirmative reply.
Read @Debbie_FTNT's KB below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authentication/ta-p/202041

So your option would be using "realms" so that the users can specify themselves which group to log on to, unless you can/want to define different usernames for admin users, like Sylvanar_a.

The KB by @fernandezm_FTNT below explains how to configure realm-based SSL VPN in the GUI.
https://community.fortinet.com/t5/Blogs/Deploying-SSL-VPNs-Using-Multiple-Realms/ba-p/238145

But it's basically the same as the old cookbook below, which is based on the CLI:
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/724772/ssl-vpn-multi-realm

Toshi
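The realm-based setup described in the answer above, written out as FortiOS CLI. This is an added example, not configuration from the thread or from the linked Fortinet articles; the LDAP server name "ldap-srv", the group DNs, the portal names "user-portal" and "admin-portal" and the realm path "admins" are assumptions.

```fortios
# Added example (not from the thread or Fortinet docs): realm-based SSL VPN
# so that admins pick the admin realm themselves. Assumed names: LDAP server
# "ldap-srv", group DNs, portals "user-portal"/"admin-portal", realm "admins".
config user group
    edit "Users"
        set member "ldap-srv"
        config match
            edit 1
                set server-name "ldap-srv"
                set group-name "CN=Users,OU=Groups,DC=example,DC=com"
            next
        end
    next
    edit "Admins"
        set member "ldap-srv"
        config match
            edit 1
                set server-name "ldap-srv"
                set group-name "CN=Admins,OU=Groups,DC=example,DC=com"
            next
        end
    next
end
# The realm name is the URL path: admins log in at https://<vpn-host>/admins
config vpn ssl web realm
    edit "admins"
    next
end
# Tie each realm to its group and portal. A login arriving via the "admins"
# realm is evaluated only against rule 1, so the "Users" match (which every
# admin also satisfies) no longer takes precedence for that login.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "Admins"
            set realm "admins"
            set portal "admin-portal"
        next
        edit 2
            set groups "Users"
            set portal "user-portal"
        next
    end
end
# Firewall policies must still be split per group (set groups "Admins" vs
# "Users" on the ssl.root policies); the portal alone is not the access control.
```

An admin who logs in at the root URL instead of the /admins path still matches rule 2 and lands on the user portal, which is the intended behaviour of the realm approach: the user chooses the group, and the per-group firewall policies enforce what each portal can reach.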

2 replies

Sylvaner (Author)
New Member
January 20, 2024

Thank you for your answer, I will try this.