Skip to main content
Alexandre1
Alexandre1
New Member
December 9, 2022
Question

VPN SSL WEB FILTER AND APP CONTROL

  • December 9, 2022
  • 1 reply
  • 1593 views

1- I have an SSL VPN and I need that when users connect from home, the internet output must be done through the company's Wan links.

2- I need to apply the Web filter and the application control in this SSL VPN rule

can anyone help?

 

#VPNSSL

 

1 reply

pminarik
Staff
pminarik
Staff
December 9, 2022

This is a fairly basic scenario. Here's a KB for full-tunnel SSL-VPN - https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/559546/ssl-vpn-full-tunnel-for-remote-user .

 

The key elements are:

  1. Ensure that the portal assigned to users has split tunneling disabled
    tunnel-mode SSL-VPN profile with split tunneling disabledtunnel-mode SSL-VPN profile with split tunneling disabled
  2. Ensure that you have an <sslvpn interface> => "wan" firewall policy and enable any relevant UTM inspection profiles in it.
    sample SSL-VPN firewall policy for internet accesssample SSL-VPN firewall policy for internet access

     

Yurisk
SuperUser
Yurisk
SuperUser
December 9, 2022

Just a note - you forgot to enable the NAT on the rule. 

pminarik
Staff
pminarik
Staff
December 12, 2022

Good point!
This was originally a screenshot of a VPN policy directed into the local LAN, with the outgoing interface covered by a new text, where SNAT wouldn't be needed, and I forgot to update that part.

Terms & ConditionsCookie settingsAccessibility statement