FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the possibilities of denying/limiting access to SSL VPN with IRDB database.
All FortiOS versions.
- IRDB database objects can neither be used in local in policies or SSL VPN setting.
These objects can only be associated with Firewall Policies which caters to transit traffic only.
Considering this, its not possible to limit SSL VPN access using IRDB database in a particular vdom. Limiting can be done only by using IP address/subnet using 'Limit access to specific hosts' under SSL VPN settings.
- The only possibility to use this would be to create vdoms such that internet traffic reaches a vdom (lets say vdom1) where firewall policies + IP reputation objects can be applied, and the SSL VPN should be terminated in another vdom (lets say vdom2).
However this does require a re-structure of the setup and would need routing adjustments.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.