Created on 03-06-2023 10:20 PM
Edited on 08-23-2024 12:16 AM
By Jean-Philippe_P
Description: This article describes how to use only a secondary IP for SSL VPN when multiple IPs are configured on the WAN port.
Scope: FortiGate.
Solution:
It is not possible to select the secondary IP in the SSL VPN 'Listen on Interface(s)' setting.
To select the secondary IP, there are two options:
After creating the loopback address, map it with the external IP and port to use on the WAN for SSL VPN.
Note: Make sure to write the desired WAN IP in the External IP address (Highlighted part).
Two listening addresses will then be shown under VPN -> SSL VPN Settings.
config firewall local-in-policy
    edit <ID>
        set intf "WAN_"              <----- Will be the WAN interface.
        set srcaddr "all"            <----- Specify here all sources needed to have access to the SSL VPN.
        set dstaddr "Primary_IP"     <----- This will be the address object for the WAN/external interface IP address.
        set action deny              <----- Action must be 'deny'.
        set service "VPN_Port"       <----- This will be a service created that is associated with the SSL VPN port.
        set schedule "always"
    next
end
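
The loopback option described above (create the loopback, then map it to the external IP and port on the WAN), written out as CLI. This is an added example, not taken from the original article: "WAN_" and "VPN_Port" are reused from the article's snippet, while the object names, the loopback address 10.255.255.1, the secondary WAN IP 203.0.113.11 and port 10443 are constructed placeholders. It assumes the loopback is the SSL VPN listening interface; strip the `<-----` notes before pasting.

```fortios
config system interface
    edit "SSLVPN_Loop"                     <----- Hypothetical loopback name.
        set vdom "root"
        set type loopback
        set ip 10.255.255.1 255.255.255.255   <----- Constructed loopback address.
    next
end

config firewall vip
    edit "SSLVPN_VIP"                      <----- Hypothetical VIP name.
        set extip 203.0.113.11             <----- The secondary WAN IP goes here (constructed value).
        set extintf "WAN_"                 <----- The WAN interface.
        set portforward enable
        set mappedip "10.255.255.1"        <----- The loopback address created above.
        set extport 10443                  <----- External port for SSL VPN (constructed value).
        set mappedport 10443
    next
end

config vpn ssl settings
    set source-interface "SSLVPN_Loop"     <----- Assumption: SSL VPN listens on the loopback.
    set port 10443
end

config firewall policy
    edit 0                                 <----- 0 takes the next free policy ID.
        set name "WAN_to_SSLVPN_Loop"
        set srcintf "WAN_"
        set dstintf "SSLVPN_Loop"
        set srcaddr "all"                  <----- Narrow to known client ranges where possible.
        set dstaddr "SSLVPN_VIP"
        set action accept
        set schedule "always"
        set service "VPN_Port"             <----- Custom service matching the SSL VPN port.
    next
end
```

With this layout only the VIP's external IP and port forward to the SSL VPN daemon, so the primary WAN IP never answers on the SSL VPN port unless the WAN interface is also added as a listening interface.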