FortiGate
Debbie_FTNT
Staff
Article Id 192916

Description
This article describes how groups can be added to SSLVPN policies with Virtual IPs (VIP: DNAT objects) as destination.

Solution
Under some circumstances, when attempting to add a user group to a policy from SSLVPN to a VIP as destination, the FortiGate can throw errors:

GUI error: 'Failed to save some changes: Entry not found.'


 
 
or from CLI:
# config firewall policy
    edit <ID>
        set groups testgroup
    end
entry not found in datasource

value parse error before 'testgroup'
Command fail. Return code -3
This is triggered if the user group to be added is associated with an SSLVPN portal in web-mode.
VIPs are not intended for web-mode SSLVPN access, so FortiGate does not allow for adding these groups.
The SSLVPN portal with which the group is associated needs to be switched to tunnel-mode.
Once this is done, the group can be added to the policy with destination VIP.
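
A pre-check for the condition described above, as an added example that is not part of the original article or any Fortinet tooling: it reads a configuration backup and lists the user groups whose SSLVPN authentication rule maps them to a portal with web-mode enabled. The sample configuration, group names and portal names are constructed, and treating 'set web-mode enable' as "in web-mode" is an assumption based on the article's wording; the parser also assumes quoted values fit on one line.

```python
import shlex
# Constructed sample in FortiOS backup syntax; group and portal names are made up.
SAMPLE = '''
config vpn ssl web portal
    edit "web-access"
        set web-mode enable
    next
    edit "tunnel-access"
        set tunnel-mode enable
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "testgroup"
            set portal "web-access"
        next
        edit 2
            set groups "vpnusers"
            set portal "tunnel-access"
        next
    end
end
'''

def parse(text):
    """Map (config path, edit name) -> {setting: [values]}."""
    stack, table = [], {}
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()  # 'next' closes an edit, 'end' closes a config block
        elif tok[0] == "set" and len(tok) > 2:
            path = " / ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            table.setdefault((path, entry), {})[tok[1]] = tok[2:]
    return table

def groups_on_web_mode_portals(text):
    """Sorted (group, portal) pairs whose portal has web-mode enabled (assumed trigger)."""
    table = parse(text)
    web = {e for (p, e), kv in table.items()
           if p == "vpn ssl web portal" and kv.get("web-mode") == ["enable"]}
    rules = [kv for (p, _), kv in table.items()
             if p == "vpn ssl settings / authentication-rule"]
    return sorted((g, r["portal"][0]) for r in rules
                  if r.get("portal", [""])[0] in web for g in r.get("groups", []))
```

Groups returned by groups_on_web_mode_portals() are the ones to expect the "entry not found" error for until their portal is switched to tunnel-mode.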



 
