assign static IP addresses to users connecting tunnel-mode SSL VPN

hilelko · ‎10-28-2017

Hello to all

I will appreciate having your assistance to find the best practice to assign static IP addresses to users connecting tunnel-mode SSL VPN.

my customer asks that each SSL VPN user must always get the same unique IP address which is never assigned to any other user.

I try to find the answer in

FortiOS™ Handbook - Authentication

http://docs.fortinet.com/uploaded/files/1937/fortigate-authentication-52.pdf

FortiOS™ Handbook - SSL VPN

http://docs.fortinet.com/uploaded/files/3603/fortigate-sslvpn-56.pdf

but I cant's find any explanation how to do it

Thank you for your help

Best Regards

Hillel Kobrovski

hilelko · ‎10-28-2017

does anybody know if using RADIUS authentication with special VSA ( Vendor Specific Attribute ) can help me solve the problem?

where can I find formal best practice instructions how to implement this kind of configuration with Microsoft Radius (IAS)?

page 22-23 from " FortiOS™ Handbook - Authentication "

FortiOS supported RADIUS attributes

RADIUS attribute-value pairs

RADIUS packets include a set of attribute-value pairs (AVP) to identify information about the user, their location
and other information. The FortiGate unit sends the following RADIUS attributes.

Radius Attribute #4 | Name = Framed-IP-Address | Description = Address to be configured for the user | AVP Type = 8

Thank You for your help

Best Regards

Hillel Kobrovski