FortiGate
athirat (Staff)

Description

This article describes the options for denying or limiting SSL VPN access using IRDB database objects.

 

Scope

All FortiOS versions.

 

Solution

- IRDB database objects can be used neither in local-in policies nor in the SSL VPN settings.

These objects can only be referenced in firewall policies, which handle transit traffic only.

Considering this, it is not possible to limit SSL VPN access using the IRDB database within a particular VDOM (that is, the VDOM in which the SSL VPN terminates).
Limiting is possible only by IP address/subnet, using 'Limit access to specific hosts' under the SSL VPN settings.

- The only way to use IRDB objects for this purpose is to create VDOMs such that internet traffic first reaches one VDOM (say, vdom1), where firewall policies with IP reputation objects can be applied, and the SSL VPN is terminated in another VDOM (say, vdom2).

However, this requires restructuring the setup and adjusting routing.
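As an added illustration (not part of the original article), both approaches in FortiOS CLI syntax: the address-based limit in the SSL VPN settings, and a deny policy in the internet-facing VDOM that uses an IRDB (Internet Service) source object before traffic is forwarded to the SSL VPN VDOM. The VDOM and interface names, address objects, IP ranges and the Internet Service name are placeholders, and `internet-service-src-name` assumes FortiOS 6.2 or later.

```fortios
# Option 1: limit SSL VPN to specific hosts (works in any VDOM); constructed address range.
config firewall address
    edit "sslvpn-allowed-clients"
        set type ipmask
        set subnet 203.0.113.0 255.255.255.0
    next
end
# 'Limit access to specific hosts' in the GUI corresponds to source-address here.
config vpn ssl settings
    set source-address "sslvpn-allowed-clients"
    set source-address-negate disable
end
# Option 2: two-VDOM design. vdom1 faces the internet and filters with an IRDB
# source object; vdom2 terminates the SSL VPN. vdom1, port1, vlink-to-vdom2,
# the address object and the service name are placeholders.
config vdom
    edit vdom1
        config firewall address
            edit "sslvpn-portal-ip"
                set type ipmask
                set subnet 198.51.100.10 255.255.255.255
            next
        end
        config firewall policy
            # Policy order matters: the deny must be evaluated before the accept.
            edit 10
                set name "deny-irdb-src-to-sslvpn"
                set srcintf "port1"
                set dstintf "vlink-to-vdom2"
                set internet-service-src enable
                set internet-service-src-name "<IRDB-service-name>"
                set dstaddr "sslvpn-portal-ip"
                set action deny
                set schedule "always"
                set service "ALL"
                set logtraffic all
            next
            edit 11
                set name "allow-remaining-src-to-sslvpn"
                set srcintf "port1"
                set dstintf "vlink-to-vdom2"
                set srcaddr "all"
                set dstaddr "sslvpn-portal-ip"
                set action accept
                set schedule "always"
                set service "HTTPS"
            next
        end
    next
end
```

The inter-VDOM link and the static routes between vdom1 and vdom2 are not shown and must be configured separately, which is the routing adjustment the article refers to.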
