Skip to main content
AbdelrahmanElsokary
AbdelrahmanElsokary
New Member
November 28, 2025
Question

Transfer From SSL Vpn to ipsec remote

  • November 28, 2025
  • 1 reply
  • 220 views

Hello ,

I’m planning to change My current setup from SSL-VPN to IPsec remote access, but I have a few questions first.

How can we handle geolocation restrictions, MAC-address allow/deny, and host checks when using IPsec? For example, will geolocation and MAC binding be enforced only through the firewall policy, or is there a different approach for IPsec remote connections?

Thank you.

1 reply

AEK
SuperUser
AEK
SuperUser
November 29, 2025

Hi Abdelrahman

In IPsec you should be able to filter on GeoIP with local-in policy.

To restrict on some MAC addresses then this tech tip may help (I didn't test it though).

https://community.fortinet.com/t5/FortiGate/Technical-Note-Configure-IPsec-VPN-with-XAUTH-authentication/ta-p/192264

But if you are looking for a serious host authentication and compliance solution then ZTNA should be your one of the best solutions (licensed version of FortiClient).

AEK
Terms & ConditionsAccessibility statement